Book a Call
AI Product StudioEst. 2014
Back to all articles
Product EngineeringApril 27, 2026·19 min read

Ship Fast, Break Nothing: The Engineering System Behind Safe AI-Assisted Development

Tests are the missing discipline in AI-assisted development. Your AI writes great code but can't see what it breaks—a test suite fixes that.

Bradley Jackson
Bradley Jackson
Founder & Principal Engineer

Your AI Can Write Code. Can It Promise Not to Break Everything Else?

There's a question nobody in the AI development space wants to talk about honestly. It's not "can AI write code?" It can. It's getting better at it every month. The question is: can AI write code that doesn't silently break the code that was already working?

The answer, without a test suite, is no. And most AI-assisted projects don't have one.

This is the gap that separates production software from demo software. The gap between "look what I built this weekend" and "this system runs a business every day and hasn't gone down." It's not a tooling gap or a model gap. It's a discipline gap. And it's getting wider as the industry moves faster.

The context problem nobody talks about

When a human developer sits down to add a feature, they bring context. They know the codebase. They know the patterns. They know that changing the way user authentication works will break the billing module because they built both and they remember the dependency.

AI doesn't have that. Large language models operate within a context window. They see what you show them. They're extraordinarily capable within that window, but they don't "remember" the rest of your codebase the way a developer who has lived in it for six months does.

So when you ask an AI agent to modify a function, it will modify that function. It will do a great job on the code you pointed it at. But it has no reliable way to know that three modules away, another function depends on the exact behavior it just changed.

This isn't a flaw in the AI. It's a constraint of the architecture. And the solution has existed in software engineering for decades.

Tests are the context.

Tests as a contract with your codebase

A unit test is a statement of intent. It says: "this function, given this input, must produce this output." An integration test goes further: "these components, working together, must produce this result." An end-to-end test goes further still: "this user workflow, from click to database to screen, must produce this outcome." A test suite is a collection of hundreds or thousands of these statements that define what your software is supposed to do.

When you have a comprehensive test suite and an AI agent makes a change that breaks something, you know immediately. Not after a user reports a bug. Not after the system crashes at 2 AM. Immediately, before the change is committed, before it reaches production.

The test suite acts as a contract. The AI is free to change whatever it needs to change, but the contract has to hold. If the tests pass, the change is safe. If they don't, the AI knows exactly what it broke and where.

This reframes tests from something developers write to "check their work" into something much more important: tests are the mechanism by which AI understands the boundaries of a system it can't fully see.

The four pillars of safe agentic development

Building production systems with AI assistance requires more than just writing tests after the fact. It requires a methodology. After shipping multiple complex platforms this way, here's the framework that works.

Pillar 1: Architecture documentation that AI can read

Before writing a single test, document the core workflows. Not as vague descriptions, but as precise flow definitions that an AI agent can parse and reason about.

Here's what this looks like in practice. For a CRM enrollment pipeline, the architecture doc specifies the exact flow:

POST /api/clients/enrollments -> Validate request (student_type, students[], outcome) -> Route by student_type x outcome: 1. Adult as Prospect: -> Create 1 client (is_student=true, is_account_manager=true) -> lifecycle_status: 'Prospect' -> No lessons created 2. Parent + Children as Enrollment: -> Create parent (is_account_manager=true, is_student=false) -> Create N children (is_student=true, is_dependent=true) -> Create N AccountManagerOf relationships -> Create lessons per child (not on parent) -> Set staff attribution on all family members -> Create activity events for parent + each child

This isn't documentation for humans. It's context for AI. When an agent needs to modify the enrollment flow, it reads this doc and understands the four routing scenarios, the relationship model, and the downstream effects before writing a single line of code. Without it, the agent guesses. With it, the agent knows.

We maintain architecture docs for every major subsystem: communication event processing, withdrawal workflows, sales dashboard calculation rules, form ingestion pipelines, background job architectures. Each one defines the inputs, the routing logic, the side effects, and the invariants. Together, they form a map of the system that fits inside a context window.

Pillar 2: A test suite that grows with the system

The numbers matter. Not as vanity metrics, but because they represent the surface area of your safety net.

On one production platform, the test suite grew from 146 tests across 6 files to 405 tests across 17 suites. On another, 26 test files covering roughly 15,600 lines of test code span every critical service and route. These aren't toy tests. They cover real business logic: what happens when a parent enrolls two children but one's instrument isn't available? What happens when a withdrawal is initiated mid-billing cycle? What happens when a communication event arrives from a phone number that matches two different client records?

The test architecture follows a deliberate layering:

Unit tests at the service layer. Each domain service gets its own test file. Client matching logic. Phone number normalization. Data transformers for different communication channels. Lesson scheduling calculations. These tests run in milliseconds, mock all external dependencies, and verify that individual functions produce correct outputs for every known input pattern.

Integration tests at the API layer. These test full request/response cycles through the actual route handlers. An enrollment flow integration test creates a prospect, converts them to an enrolled student, assigns a teacher, creates lessons, and verifies the activity events are recorded correctly. A withdrawal flow test initiates a withdrawal, validates the token-based feedback form, processes the withdrawal, and confirms downstream lesson records are updated. These tests catch the dependency chains that unit tests can't see.

End-to-end tests with Playwright. On the frontend, Playwright tests drive real browser sessions through critical workflows. A new enrollment E2E test fills out the 16-section enrollment form, submits it, and verifies the student appears in the CRM with correct relationships. A staff import test uploads a CSV, validates the staging preview, and confirms the records are promoted into the live system. These tests catch the integration failures between frontend and backend that no amount of API testing will find.

Simulation tests for statistical correctness. For systems with dashboards and metrics, we built simulation engines that generate realistic data distributions and verify that rollups, averages, and aggregations compute correctly across hundreds of synthetic records. When the sales dashboard says there were 47 enrollments last month, the simulation test proves that number matches reality.

Pillar 3: Numbered task documents for incremental complexity

This is the pattern that changed how I build complex systems with AI. Every feature, every subsystem, every significant piece of work gets a numbered task document.

docs/tasks/ 001-typescript-conversion.md 002-architecture-decisions.md 003-infrastructure-and-terraform.md 013-audio-analysis-service.md 026-quality-observability-and-test-gates.md 032-harden-test-suite-for-core-functionality.md 045-activity-feed-service.md ... completed/ on-hold/

Each task document follows a consistent template: summary, context, acceptance criteria, technical approach, files to modify, dependencies, and a progress log. The progress log is the key. As you work through a task, you record what you did each session. This creates a paper trail that AI agents can read in future sessions to understand not just what the system does, but why it was built that way and what decisions were made along the way.

The numbering creates a chronological record of how the system grew. Task 001 was converting to TypeScript. Task 003 was setting up infrastructure. Task 013 was the audio analysis service. Task 026 was establishing test gates. Task 032 was hardening the test suite. An AI agent landing in this codebase for the first time can read the task history and understand the evolution: this system started as a simple prototype, layered on infrastructure, then added progressively complex features, and test coverage grew alongside the complexity.

This is how you add complex layers without hallucinations. Each task builds on the documented foundation of the previous tasks. The AI isn't guessing what came before. It's reading the receipts.

Pillar 4: Test-gated CI/CD that makes shipping safe

None of this matters if a developer (or an AI agent) can push broken code to production. The final pillar is a CI/CD pipeline that gates every merge on passing tests.

Here's the structure that works across pnpm monorepo projects:

YAML
jobs:
  changes:
    # Detect which paths changed - only run relevant checks
    steps:
      - uses: dorny/paths-filter@v3
        with:
          filters: |
            shared: ['shared/**']
            web: ['apps/web/**', 'shared/**']
            backend: ['services/backend/**', 'shared/**']
            contracts: ['contracts/src/**', 'contracts/test/**']

  shared-types:
    # Always build shared types first when shared/ changes
    needs: changes
    steps:
      - run: pnpm --filter @project/types run build
      - run: pnpm --filter @project/types run typecheck

  backend:
    # Build types, then build backend, then run tests
    needs: [changes, shared-types]
    steps:
      - run: pnpm --filter @project/types run build
      - run: pnpm --filter @project/backend run build
      - run: pnpm --filter @project/backend run test

  web:
    # Build types, then build frontend
    needs: [changes, shared-types]
    steps:
      - run: pnpm --filter @project/types run build
      - run: pnpm --filter @project/web run build

Several things are happening here that matter:

Path-filtered execution. The CI only runs checks relevant to what changed. A frontend-only change doesn't trigger backend tests. This keeps the pipeline fast, which matters because AI agents iterate rapidly and slow feedback loops break the development rhythm.

Dependency ordering. Shared types build first. Then packages that depend on shared types. Then tests run against the fully built system. This mirrors the turbo.json task graph in the monorepo and ensures nothing is tested against stale artifacts.

Frozen lockfiles. CI runs with --frozen-lockfile, which means if someone adds a dependency without updating the lockfile, the build fails immediately. No "works on my machine" situations.

Tests must pass before merge. This is the gate. No exceptions. If the test suite catches a regression, the merge is blocked. The developer (or the AI agent) fixes the issue before the change reaches production. This single rule eliminates the entire category of "we shipped a bug because we forgot to test."

The CLAUDE.md pattern: project-level AI context

Beyond individual task documents, the root of every project gets a CLAUDE.md file. This is the master context document that any AI agent reads first when entering the codebase.

A good CLAUDE.md contains:

  • What the product does in plain language
  • Monorepo structure with workspace paths and what each package contains
  • Key vocabulary specific to the domain (so the AI doesn't use generic terms)
  • Core conventions that should never be violated
  • Current phase of development so the AI knows what's in scope
  • Tooling requirements like which AWS profile to use, which CLI tools are available
  • Documentation pointers so the AI knows where to find architecture docs, task history, and decision records

This file is the difference between an AI agent that needs 20 minutes of conversation to understand your project and one that's productive from the first prompt. It's the project's handshake with every AI session.

The docs-as-knowledge-graph pattern

Beyond the CLAUDE.md, the most sophisticated projects maintain a full business knowledge graph inside the docs/ directory. Not as a wiki that someone has to remember to update, but as a structured, cross-referenced system that both humans and AI agents navigate.

Here's the structure that works:

docs/ company-knowledge/ 00-index/ README.md # Navigation hub, links everything glossary.md # 114 domain-specific term definitions vision-map.md # One-page visual map of the business 01-company/ # Who we are, why we exist 02-product/ # Every surface, feature, concept 03-strategy/ # Roadmap, GTM, launch plan 04-decisions/ # Timestamped decision logs 2026-03-10-crate-first.md 2026-03-10-pwa-first.md 2026-03-18-vault-commerce-model.md 05-research/ # Market, competitors, user feedback 06-finance/ # Revenue model, scenarios architecture/ # Technical subsystem docs tasks/ # Numbered development tasks completed/ on-hold/

The decision log is particularly powerful. Each entry is timestamped and records not just what was decided, but why. When an AI agent encounters a fork in the road six months later, it can check the decision log and understand the reasoning behind the current approach. No more relitigating settled decisions. No more agents proposing solutions that were already considered and rejected for good reasons.

The glossary is equally valuable. In any domain-specific product, there are terms that mean something precise. "Workspace" means a project container, not a generic folder. "Track" means a promoted audio asset with full metadata, not just any audio file. "Promote to Track" is a specific transition from raw file to structured release object. When the AI uses the wrong term, it introduces confusion that compounds across conversations. A glossary with 100+ entries eliminates that drift.

The key design principle: everything cross-references with relative paths. The index links to strategy, which links to decisions, which reference architecture docs, which point to task documents. An AI agent can follow these links the same way a developer follows hyperlinks. The knowledge graph becomes navigable context, not a flat pile of files.

This pattern scales. We've built knowledge graphs with 37+ files across 7 sections. The maintenance cost is low because each entry is small and focused. The payoff is enormous because every AI session starts with a complete understanding of the business, not just the code.

The compound effect of test coverage

Here's what most people miss about building a large test suite: the value compounds over time.

When you write your first 50 tests, it feels like overhead. You're writing code to test code. It takes time. It slows you down.

At 200 tests, you start catching things. An agent makes a change and three tests fail. You realize a dependency existed that nobody documented and nobody would have caught without the suite.

At 500 tests, your development speed actually increases. Not because you're writing less code, but because you're spending zero time debugging regressions in production. Every change ships with confidence. You stop second-guessing. You stop manually testing flows that the suite already covers.

At 1,000+ tests, the system is self-documenting. A new developer or a new AI agent can read the test suite and understand what the software does, what it expects, and where the boundaries are. The tests are the specification. The tests are the documentation. The tests are the context that makes AI-assisted development trustworthy.

Writing tests that AI agents can actually use

Not all tests are equally useful as context for AI-assisted development. Some patterns work better than others.

Descriptive test names are context. A test called test_function_3 tells an AI nothing. A test called should_prevent_double_booking_when_teacher_already_has_lesson_at_requested_time tells it exactly what behavior is protected. When this test fails after a change, the AI knows precisely what contract it violated.

Test the boundaries, not just the happy path. AI agents are great at writing code that handles the expected case. They're less reliable at handling edge cases they weren't told about. Your tests should cover the scenarios that are easy to forget: what happens when a student withdraws mid-billing cycle? What happens when a teacher is assigned to a lesson that conflicts with another? What happens when a parent has two children and cancels one? These boundary tests are where regressions hide.

Integration tests catch what unit tests miss. A unit test tells you a single function works correctly in isolation. An integration test tells you that function works correctly when connected to the database, the authentication layer, the event queue, and the rest of the system. For AI-assisted development, integration tests are often more valuable because they test the connections between components, which is exactly where AI-generated changes tend to introduce problems.

Keep tests fast and deterministic. A test suite that takes 30 minutes to run won't get run often enough. All external services should be mocked. No network calls. Fixed mock responses. Single-threaded execution. A well-architected test suite runs in seconds, not minutes. That speed enables the rapid iteration cycles that AI agents thrive on.

Using AI to hunt its own failure vectors

Here's a technique that turns the AI's analytical capability back on itself. Once you have a working feature with basic test coverage, ask the AI agent to do a deep dive on potential failure vectors and write tests for them.

The prompt is simple: "Look at this module, its tests, and how it connects to the rest of the system. Identify edge cases, race conditions, and failure scenarios that aren't currently covered. Write tests for the ones that could cause production issues."

What comes back is remarkably thorough. The AI will identify failure vectors that a human developer might take weeks to discover organically:

  • What happens when two webhook events arrive for the same phone call within milliseconds of each other? (Race condition in idempotency logic)
  • What happens when a CSV import row has valid UTF-8 encoding but contains invisible Unicode characters in the email field? (Deduplication breaks because the email "looks" the same but doesn't match)
  • What happens when a scheduled job fires during a database migration? (Partial schema state causes silent data corruption)
  • What happens when an API consumer sends a valid JWT token that was issued before a user's role was downgraded? (Authorization check passes on stale claims)

These aren't theoretical. These are real failure vectors that AI agents identified and wrote tests for in production systems. Each one became a test case that now guards against that exact failure, permanently.

The cycle becomes self-reinforcing. You build a feature. You write the basic test coverage. Then you ask the AI to attack its own work, identify the failure vectors, and write the defensive tests. The AI is simultaneously the builder and the adversary. The result is coverage that goes deeper than what most teams achieve through manual testing alone, because the AI can reason about failure modes across the full system topology in ways that are tedious and error-prone for humans.

This is the practice that takes a test suite from "we check the happy path" to "we have tested scenarios that no human would have thought to test until they caused an incident." It's the difference between 200 tests that cover the obvious flows and 500 tests that cover the edge cases where production systems actually break.

The real cost of skipping all of this

The AI development community is moving fast. The incentive structure rewards speed. Ship the demo. Post the screenshot. Show the prototype. Nobody asks "how's the test coverage?" because test coverage isn't exciting and doesn't go viral.

But the businesses running on this software care. A company that processes invoices through their platform cares whether a Friday afternoon code change will break Monday morning billing. A school that depends on their CRM to manage hundreds of students and dozens of teachers cares whether the system is reliable.

The real cost of skipping tests isn't the bugs you ship. It's the changes you're afraid to make. Without tests, every modification is risky. You slow down. You avoid refactoring because you might break something. You avoid letting AI agents work autonomously because you don't trust the output. You end up with a codebase that's frozen in place, maintained by fear instead of confidence.

That's the opposite of what AI-assisted development is supposed to enable.

The methodology, in summary

Safe agentic development isn't a single practice. It's a system of interlocking practices that make AI-assisted development trustworthy at production scale:

  1. A CLAUDE.md at the project root that gives every AI session immediate context
  2. A docs-as-knowledge-graph with business context, glossary, and timestamped decision logs
  3. Architecture docs that define subsystem flows precisely enough for an AI to parse
  4. Numbered task documents that record the incremental build history and decision trail
  5. Unit tests covering individual service functions with descriptive names and boundary cases
  6. Integration tests covering API request/response cycles and cross-component dependencies
  7. End-to-end tests driving real browser sessions through critical user workflows
  8. Simulation tests validating statistical correctness of dashboards and aggregations
  9. Pnpm monorepo structure with shared types, workspace packages, and turborepo task graphs
  10. Test-gated CI/CD that blocks every merge on passing tests with path-filtered execution

Each practice reinforces the others. The knowledge graph informs the architecture docs. The architecture docs inform the test cases. The test cases validate the architecture. The CI pipeline enforces the test suite. The task documents record why decisions were made. The decision logs prevent relitigating settled choices. The CLAUDE.md ties it all together for the next AI session.

Remove any one of these and the system degrades. Remove all of them and you're back to shipping demos and hoping nothing breaks.

Tests are infrastructure, not overhead

There's a mindset shift that needs to happen in the industry. Testing is not a tax on development. It's not overhead. It's not the boring part you skip when you're moving fast.

Tests are infrastructure. They're the foundation that makes AI-assisted development trustworthy. They're the context that AI agents need to work safely in a complex system. They're the contract between what your software does today and what it will continue to do tomorrow after 50 more changes.

If you're building software in 2026 and you're not investing in test coverage, architecture documentation, and CI quality gates, you're building on sand. The code will work until it doesn't, and when it breaks, you won't know why, and neither will the AI you're asking to fix it.

Build the test suite. Document the architecture. Number the tasks. Gate the merges. Make it the foundation that everything else runs on.

Your AI is powerful. Give it a contract to work within, and it becomes reliable too.

#ai-assisted development#test-driven development#software engineering#agentic workflows#code quality#CI/CD
Previous Article
Custom Software Used to Be a Luxury. Now It’s a Competitive Advantage.
Explore more articles