Forem: Kiran Naragund

From MVP to Production: Tools That Grow With Your SaaS 🚀

Kiran Naragund — Mon, 16 Mar 2026 03:20:09 +0000

Hello Devs 👋

Building a SaaS product is thrilling. But moving from your first MVP to a reliable production service takes more than code. You need scalable infrastructure for things like auth, billing, emails, uploads, observability, and execution intelligence. Building all of this from scratch slows you down and introduces risk.

That’s why many SaaS teams use proven tools and SDKs that solve real infrastructure problems so they can focus on the core product.

In this article you’ll get for each tool:

A clear description of what it does
Key features
Why it’s useful for SaaS
A simple getting-started guide
Links to official docs and websites

Let’s level up your SaaS stack 👇

What’s an SDK?

A software development kit (SDK) is a bundled set of tools that helps you integrate functionality or services into your application without building them from scratch.

SDKs often include:

Prewritten code libraries
APIs and interface definitions
Documentation and examples
Debugging or testing helpers

Using SDKs helps you:

Save time
Avoid reinventing the wheel
Reduce bugs
Build consistently across environments

Whether you need authentication, payments, emails, or production intelligence, well-chosen SDKs drastically speed up development.

Hud: Runtime Production Intelligence That Scales With You

Hud is a runtime code sensor that captures real production execution behavior and brings that context where engineers actually work in their IDEs and code review workflows. It continuously collects function-level execution data, detects issues like regressions or errors, surfaces root causes, and powers production-aware development with or without AI assists.

Unlike typical SDKs that provide discrete functions (like auth or payments), Hud is an intelligence layer. It does not change your business logic. Instead, it observes how that logic behaves under production traffic and delivers real execution insights back into your development loop.

Why It Matters

Most SaaS teams face a gap between:

What code looks like in source
How it actually runs under real customer load

This gap grows as you scale and adopt AI-assisted coding tools. Code suggestions and refactors that look valid in staging may fail in production because they lack real execution context.

Hud fills this gap by:

Giving function behavior signals from production
Detecting regressions or errors automatically
Pinpointing exact root causes
Feeding runtime context into supported IDEs
Enabling safer, production-aware AI coding workflows (MCP server)

In short, Hud helps you move from reactive debugging to proactive production confidence.

Key Features

Function-Level Execution Data: Hud captures how each function behaves in production: invocation counts, durations, error signals, and behavioral trends.
IDE Integration: Runtime summaries appear inside supported editors like VS Code and JetBrains. You get real behavior context without leaving your code.
Automated Issue Detection: Hud flags behavioral changes after deploys, new errors, and performance regressions with root cause context.
Production-Aware AI Coding: Hud’s MCP server streams production signals into AI assistants like Copilot or Cursor so generated suggestions align with how your code runs.
Minimal Overhead & Zero Config: It installs fast and runs safely in production without heavy configuration.

Why SaaS Teams Use It

Hud is not just another monitoring tool. It becomes valuable when:

Your app has real production traffic
Issues only show up after deploy
You use AI-assisted coding tools
You want deeper insight than logs or traces can provide

Beginner teams focused on MVPs usually do not need this yet. But once you have real users and production complexity, Hud helps teams catch issues early, fix them quickly, and build with confidence.

How to Get Started

Here is a simple guide to set up Hud in a Node.js app.

1. Create a Hud Account

First, sign up at hud.io and create your workspace. After signup you’ll get API keys for your project.

👉 Visit: https://hud.io

2. Install the Hud SDK

In your project directory, install the Hud package:

npm install hud-sdk

This installs the lightweight sensor that captures runtime behavior.

3. Initialize Hud Early in Your App

Hud works best when it starts before your application logic. So import and initialize it early in your main file.

Create a file named hud-init.js:

const hud = require("hud-sdk/setup");

hud.register({ includeModules: [] });

hud.initSession(process.env.HUD_API_KEY, "my-service");

Then, change your start script so this file loads first:

node --require ./hud-init.js index.js

Or import it at the top of your entry file:

import "./hud-init.js";
// ...rest of your app

4. Open Your IDE Extension

Install the Hud extension in your IDE (VS Code, JetBrains, or Cursor). This lets you see real production behavior right next to your code.

VS Code: Install from here
JetBrains IDEs: Install from here

Now you’ll see runtime summaries and signals directly in your editor.

5. Deploy and Watch Production

Once Hud is running in production, it starts collecting and sending runtime data automatically. You can view function performance, errors, and trends in the Hud dashboard or directly in your IDE.

Watch this quick demo video for better understanding 👇

Official Links

Documentation: https://docs.hud.io/docs/welcome
Website: https://hud.io
Install & Setup Guide: https://docs.hud.io/docs/installation-guide

Clerk: Authentication Without Building It Yourself

Clerk helps you handle authentication and user management without building everything from scratch. It takes care of users, sessions, and tokens, so your backend can trust who is making a request.

Instead of writing your own auth logic, you can use Clerk to verify users securely on the backend and protect your APIs.

Key Features

Secure user authentication
Session and token management
Easy backend verification
Works well with Node.js APIs
Dashboard to manage users

Why It’s Useful for SaaS

Every SaaS backend needs to know:

Who the user is
Whether the request is authenticated
Whether the session is valid

Doing this yourself is time-consuming and risky.

Clerk helps you:

Secure your backend APIs quickly
Avoid common auth mistakes
Scale user management as your SaaS grows
Spend less time on security setup

How to Get Started (Backend Setup – Node.js)

1. Create a Clerk Account

👉 Website: https://clerk.com

2. Install the Clerk Backend SDK

In your backend project, install Clerk:

npm install @clerk/clerk-sdk-node

3. Add Environment Variables

Add your Clerk secret key to your environment variables:

CLERK_SECRET_KEY=your_secret_key

4. Protect Backend Routes

Use Clerk middleware to protect your API routes.

import express from "express";
import { ClerkExpressRequireAuth } from "@clerk/clerk-sdk-node";

const app = express();

// Public route
app.get("/public", (req, res) => {
  res.json({ message: "Anyone can access this" });
});

// Protected route
app.get(
  "/api/dashboard",
  ClerkExpressRequireAuth(),
  (req, res) => {
    res.json({
      message: "Authenticated request",
      userId: req.auth.userId,
    });
  }
);

app.listen(3000, () => {
  console.log("Server running on port 3000");
});

Now, only authenticated users can access /api/dashboard.

5. Access User Information on the Backend

Once authenticated, you can safely access user data.

app.get(
  "/api/profile",
  ClerkExpressRequireAuth(),
  (req, res) => {
    res.json({
      userId: req.auth.userId,
      sessionId: req.auth.sessionId,
    });
  }
);

This makes it easy to link users to your database records.

Frontend Configuration (Quick Note)

Once your backend is protected, you’ll need to:

Add Clerk to your frontend (React, Next.js, etc.)
Send the authentication token with API requests

Clerk provides ready-made frontend SDKs and UI components to handle login and signup easily.

👉 Frontend setup docs: https://clerk.com/docs

Official Links

Documentation: https://clerk.com/docs

Website: https://clerk.com

Stripe: Payments and Subscriptions for Your SaaS

Stripe helps you handle payments and subscriptions without building complex billing logic yourself. It takes care of card payments, retries, invoices, and many edge cases that are hard to get right.

For a SaaS backend, Stripe is mainly used to:

Create subscriptions
Charge customers
Listen to payment events using webhooks

Key Features

One-time payments and subscriptions
Secure payment handling
Webhooks for billing events
Customer and invoice management
Widely used and well-documented

Why It’s Useful for SaaS

Almost every SaaS needs billing. Writing your own payment system is risky and slow.

Stripe helps you:

Start charging users quickly
Avoid payment and security issues
Handle upgrades, downgrades, and cancellations
Keep your backend in sync with payment status

How to Get Started (Backend Setup – Node.js)

Below is a simple backend setup using Node.js.

1. Create a Stripe Account

👉 Website: https://stripe.com

2. Install the Stripe SDK

Install Stripe in your backend project:

npm install stripe

3. Add Environment Variables

Add your Stripe secret key to your environment variables:

STRIPE_SECRET_KEY=your_secret_key

4. Initialize Stripe in Your Backend

Create a Stripe client that you can reuse in your app.

import Stripe from "stripe";

const stripe = new Stripe(process.env.STRIPE_SECRET_KEY, {
  apiVersion: "2026-01-28",
});

export default stripe;

5. Create a Customer

When a user signs up for your SaaS, create a Stripe customer.

const customer = await stripe.customers.create({
  email: "user@email.com",
});

Store the customer.id in your database and link it to the user.

6. Create a Subscription

Use Stripe Checkout or create subscriptions directly from the backend.

const subscription = await stripe.subscriptions.create({
  customer: customer.id,
  items: [
    { price: "price_id_here" },
  ],
});

This starts billing the customer based on your pricing plan.

7. Handle Webhooks

Webhooks tell your backend when something changes, like:

Payment success
Payment failure
Subscription canceled

Create a webhook endpoint:

import express from "express";
import bodyParser from "body-parser";

const app = express();

app.post(
  "/webhook",
  bodyParser.raw({ type: "application/json" }),
  (req, res) => {
    const event = JSON.parse(req.body);

    if (event.type === "invoice.payment_succeeded") {
      console.log("Payment successful");
    }

    if (event.type === "customer.subscription.deleted") {
      console.log("Subscription canceled");
    }

    res.json({ received: true });
  }
);

NOTE: This is just a demo and getting started code, please refer the documentation and implement according to your application needs.

Use webhooks to:

Enable or disable features
Update subscription status in your database

Frontend Configuration (Quick Note)

On the frontend, you’ll usually:

Redirect users to Stripe Checkout
Or collect payment details using Stripe Elements

Stripe provides ready-made frontend tools so you don’t need to handle card data yourself.

👉 Frontend docs: https://stripe.com/docs/payments/checkout

Official Links

Backend Documentation: https://stripe.com/docs/api
Website: https://stripe.com/
Checkout Guide: https://stripe.com/docs/payments/checkout
Webhooks Guide: https://stripe.com/docs/webhooks

Resend: Send Transactional Emails Without the Complexity

Resend helps you send transactional emails from your backend easily and reliably.
This includes emails like:

Welcome emails
Login or magic link emails
Payment or subscription notifications

Instead of managing SMTP servers or complex email setup, Resend gives you a simple API that works well for SaaS products.

Key Features

Simple email-sending API
High email deliverability
Support for HTML and React email templates
Works well with Node.js backends
Minimal setup and clear logs

Why It’s Useful for SaaS

Every SaaS needs emails, but email infrastructure is often painful.

Resend helps you:

Send emails quickly without SMTP setup
Avoid common delivery issues
Keep email logic simple and clean
Focus on product logic instead of email servers

It’s especially useful for early-stage SaaS and MVPs.

How to Get Started (Backend Setup – Node.js)

Below is a simple backend setup using Node.js.

1. Create a Resend Account

👉 Website: https://resend.com

2. Install the Resend SDK

Install Resend in your backend project:

npm install resend

3. Add Environment Variables

Add your Resend API key to your environment variables:

RESEND_API_KEY=your_api_key

4. Send Your First Email

Create a Resend client and send an email from your backend.

import { Resend } from "resend";

const resend = new Resend(process.env.RESEND_API_KEY);

await resend.emails.send({
  from: "SaaS App <noreply@yourdomain.com>",
  to: ["user@email.com"],
  subject: "Welcome to our app",
  html: "<p>Thanks for signing up!</p>",
});

That’s it, your email is sent.

Frontend Configuration (Quick Note)

Resend is mostly used on the backend.
On the frontend, you usually just trigger backend APIs that send emails.

If you want nicer emails, Resend also supports React-based email templates.

👉 Email templates docs: https://resend.com/docs/dashboard/templates/introduction

Official Links

Documentation: https://resend.com/docs/introduction
Website: https://resend.com
Get Started: https://resend.com/docs/send-with-nodejs

UploadThing: Better file uploads

UploadThing helps you handle file uploads in your SaaS without building complex upload logic.
It takes care of file handling, storage, and validation so you don’t have to manage servers or storage APIs directly.

It works especially well with Next.js backends, but the idea stays the same: secure uploads with very little code.

Key Features

Simple and secure file uploads
File size and type validation
No custom storage setup needed
Works well with modern backend frameworks
Clean API and good developer experience

Why It’s Useful for SaaS

Many SaaS products need file uploads:

Profile pictures
Documents
Reports
Media files

Building uploads yourself takes time and is easy to get wrong.

UploadThing helps you:

Add uploads quickly
Avoid storage and security issues
Keep backend code simple
Focus on product features

How to Get Started (Backend Setup: Next.js / Node.js)

Below is a simple backend setup using Next.js API routes.

1. Create an UploadThing Account

👉 Website: https://uploadthing.com

2. Install the UploadThing SDK

Install UploadThing in your project:

npm install uploadthing

3. Add Environment Variables

Add your UploadThing API key to your environment variables:

UPLOADTHING_SECRET=your_secret_key
UPLOADTHING_APP_ID=your_app_id

4. Create an Upload Router (Backend)

Create a backend upload handler to define what files are allowed.

import { createUploadthing } from "uploadthing/next";

const f = createUploadthing();

export const uploadRouter = {
  fileUploader: f({
    image: { maxFileSize: "2MB" },
    pdf: { maxFileSize: "4MB" },
  }).onUploadComplete(({ file }) => {
    console.log("File uploaded:", file.url);
  }),
};

This controls:

Allowed file types
File size limits
What happens after upload

5. Expose the Upload Endpoint

Export your router so your app can use it.

import { createNextRouteHandler } from "uploadthing/next";
import { uploadRouter } from "./uploadRouter";

export const { GET, POST } =
  createNextRouteHandler({
    router: uploadRouter,
  });

Frontend Configuration (Quick Note)

On the frontend, you’ll:

Use UploadThing’s UI helpers
Connect them to your backend upload route

UploadThing provides ready-made components to make this easy.

👉 Frontend docs: https://docs.uploadthing.com

Official Links

Documentation: https://docs.uploadthing.com
Website: https://uploadthing.com

That's It.🙏

Building a SaaS that grows from MVP to production means choosing tools that scale with you. From authentication and billing to production intelligence and observability, these SDKs help you deliver value faster and more confidently.

If you find this guide useful, please like and share. Someone else building a SaaS might benefit too 💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

Enterprise AI Code Review in Real World Teams

Kiran Naragund — Thu, 26 Feb 2026 16:06:08 +0000

Hello Devs 👋

If you’ve only worked in small teams, adding AI code review feels almost trivial.

Install a tool.
Connect your repo.
Merge a PR and watch the comments roll in.

That is usually enough to get started.

Enterprise environments are a completely different story.

When you have:

300, 1,000, or even 10,000 developers contributing daily
Dozens or hundreds of repositories with different ownership models
Shared internal libraries that power half the company
Compliance requirements that are audited regularly
Multiple DevOps platforms coexisting across departments

AI review stops being a productivity experiment you try for a sprint.

It becomes an architectural decision that affects how the entire engineering organization works.

Let’s talk about what actually matters from a developer perspective.

What Changes in Enterprise Environments?

As developers, we usually think in very practical terms:

Does this comment actually help me improve the code?
Is this feedback technically accurate?
Is it going to slow me down while I am trying to ship?

At enterprise scale, the questions expand:

Will this behave consistently across all our repositories?
Is our proprietary code safe in the process?
Does this scale without flooding PRs with noise?
Can it enforce standards in a consistent and predictable way?

These are fundamentally different concerns compared to startup level tooling decisions. What works for 15 engineers does not automatically work for 1,500.

Multi Repo Reality

Most large companies are not running a single mono repo.

You will typically see:

A shared SDK repository used by multiple teams
Several microservices owned by different groups
Infrastructure as code repositories
Internal tooling and automation projects

Now imagine this scenario.

You change a shared interface in Repo A. That interface is consumed by 12 services spread across 8 other repositories.

A diff only review inside a single repo will not understand the blast radius. It cannot see how that change might ripple across dependent systems.

This is one of the biggest gaps I have noticed in many AI review tools.

They evaluate the pull request in isolation. Enterprises need tools that understand the system as a whole, not just the file that changed.

Platform Fragmentation Is Real

In large organizations, standardization is often aspirational rather than real. You will frequently find:

Azure DevOps in one department
Bitbucket in another
GitHub for open source initiatives
GitLab in specific regions or subsidiaries

If an AI review tool works well on only one platform, you are left with two uncomfortable options:

Fragment your tooling and accept inconsistent behavior
Force a company wide migration, which is rarely smooth or politically simple

From a developer perspective, consistency matters a lot. You do not want different review logic depending on which repository you happen to be working in that week.

Security and Deployment Constraints

This is where enterprise environments differ the most.

Many companies require:

SOC 2 compliance
On prem deployment options
Air gapped environments
Strict data retention and governance policies

If a tool requires sending proprietary code to an external service without clear controls, security teams will block it immediately.

As developers, we do not always see those conversations happening in the background. But they directly determine which tools we are even allowed to evaluate.

Comparing Tool Categories

Static Analysis Platforms

Example: SonarQube

What it does well:

Security scanning
Detecting code smells
Enforcing coverage thresholds
Providing compliance dashboards

Where it fits:

Baseline quality enforcement
Highly regulated environments

Where it does not help much:

Architectural reasoning
Cross repo impact awareness
Contextual AI style suggestions

It is reliable and predictable, but rule based.

Think of it as a guardrail. It keeps you within boundaries, but it does not actively review your design decisions.

Security Focused Platforms

Example: GitHub Advanced Security

Strong for:

Secret scanning
Dependency vulnerability detection
Improving overall security posture

Limitations:

Deeply centered around GitHub
Primarily focused on security, not full PR workflow
Does not reason about broader architecture

It protects you from known vulnerabilities.
It does not holistically improve pull request quality.

Lightweight AI PR Assistants

Example: CodeRabbit

Pros:

Very quick setup
Clear PR summaries
Useful for smaller, self contained repositories

Cons at scale:

Diff only analysis
Limited contextual awareness
Can become noisy in complex systems
Fewer governance controls

For a 20 developer team, this can be more than enough.

For a 1,000 developer organization with shared dependencies and layered architecture, it often falls short.

Context Aware Enterprise AI Review

Example: Qodo

This category aims to address:

Multi repo indexing
Dependency awareness
Cross repo impact detection
Custom rule enforcement
Flexible deployment models

From a developer standpoint, the real questions are simple:

Does it understand more than just my diff?
Are the suggestions precise and actionable?
Does it reduce back and forth during review?
Do engineers actually accept the suggestions?

If developers ignore the comments, the tool slowly fades into background noise. Adoption is earned, not mandated.

What Developers in Enterprises Actually Care About

When I talk to engineers in large organizations, their concerns are very pragmatic:

Is this going to slow my PR down?
Am I going to waste time dismissing false positives?
Does it understand our internal patterns and conventions?
Will it block my merge for the wrong reasons?

At enterprise scale, trust becomes everything.

A high acceptance rate matters more than impressive sounding AI explanations.

Precision beats volume.

A tool that leaves five accurate comments is more valuable than one that leaves fifty generic ones.

A Simple Enterprise Checklist

If I were evaluating AI code review in a large organization, here is what I would personally verify:

✅ Works consistently across Azure DevOps, Bitbucket, GitHub, and GitLab
✅ Understands multi repo dependencies and shared libraries
✅ Supports cloud, on prem, or air gapped deployment
✅ Demonstrates strong security posture and compliance certifications
✅ Allows custom rules aligned with team specific standards
✅ Shows real developer adoption, not forced usage metrics
✅ Scales beyond 100 developers without overwhelming PRs

If a tool fails two or three of these, it will likely struggle during enterprise rollout.

At the end of the day, AI code review in large organizations is not about adding more comments to pull requests. It is about building a system that developers trust, security teams approve, and architecture teams can rely on long term.

Thank You!!🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

Can AI Code Review Actually Improve DORA Metrics?

Kiran Naragund — Thu, 19 Feb 2026 16:01:06 +0000

Hello Devs 👋

We talk a lot about AI speeding up coding.

You’ve probably seen numbers like:

"AI increases developer productivity by 25 to 35 percent."

Honestly that feels true, and multiple surveys and reports do show developers reporting significant boosts in productivity and time saved on routine tasks due to generative AI tooling. For example, large industry surveys show more than 80 percent of developers saying AI improved their individual productivity, and real-world telemetry showing task completion rising significantly with AI assistance.

Autocomplete feels better. Boilerplate goes faster. Refactoring can take fewer keystrokes.

But here’s something I’ve been thinking about lately:

If we are writing code faster, are we reviewing it faster too?

Because if review becomes the bottleneck, DORA metrics won’t improve. They might even get worse.

Let’s break this down in simple terms.

First, What Are DORA Metrics?

The DevOps Research and Assessment program defined four key engineering metrics:

Deployment Frequency
Lead Time for Changes
Change Failure Rate
Time to Restore Service

These metrics basically answer:

How often do you ship?
How long does it take to ship?
How often does it break?
How fast do you fix it?

If AI code review truly helps engineering performance, we should see positive movement across these.

Read more about DORA here 👉 https://getdx.com/blog/dora-metrics

The AI Code Review Paradox

Recent industry data suggests something surprising: teams with high AI adoption often see code review time increase sharply, even as code output rises. In Faros AI’s 2025 data, code review time grew by around ~91 percent as the volume and size of pull requests (PRs) increased.

That raises a question:

Why would review take longer when code is written faster?

Possibilities:

More PRs are being created
Larger diff sizes requiring deeper review
"AI-generated but needs cleanup" code is common
Reviewers double-check AI output carefully given trust concerns

So while coding accelerates, review capacity does not automatically scale to match.

That’s the paradox.

Let’s Connect AI Review to Each DORA Metric

Instead of looking at tools, let’s think logically.

1️⃣ Deployment Frequency

If reviews are faster, PRs merge faster.

If PRs merge faster, deployments can happen more often.

AI review can help by:

Giving instant feedback on PR creation
Catching obvious issues before a human reviewer steps in
Reducing back-and-forth cycles

But this only works if:

The feedback is accurate
Developers trust it

If it’s noisy, it slows things down instead.

2️⃣ Lead Time for Changes

Lead time = commit → production.

Where does most delay happen?

Usually:

Waiting for review
Fixing issues after review
CI failures

If AI review catches issues immediately inside the PR, it can reduce:

Rework cycles
Manual review load
Idle waiting time

Some organizations estimate meaningful time savings per PR when review insights trigger faster fixes, which compounds across a team.

3️⃣ Change Failure Rate

This measures how often deployments lead to failures.

Quality matters here.

Data from several sources shows that larger PRs and heavier reliance on AI-generated content can increase bug rates unless issues are caught before merge. In the Faros dataset, bug rates rose slightly even as output increased.

If review catches high-severity issues earlier:

Fewer production incidents
Fewer hotfixes
Less rollback stress

But false positives or poor insight quality don’t help. High-signal detection does.

4️⃣ Time to Restore Service

This one is indirect.

Better code quality means fewer incidents, and thus less firefighting.

AI alone doesn’t magically accelerate incident resolution, but it can prevent some incidents in the first place, easing the load on on-call teams.

Where Different Tools Fit

Now let’s look at tools categories:

Diff-First AI Review Tools

These look mainly at what changed in the PR.

Examples include lightweight PR assistants and AI summaries.

Pros:

Fast feedback
Easy setup
Helpful for small changes

Cons:

Limited context
Can miss architectural issues
Sometimes noisy

If developers start ignoring comments, DORA does not improve.

Static Analysis Tools

Rule-based analyzers like SonarQube catch security bugs, code smells, and other structural issues.

Pros:

Strong baseline quality checks
Good compliance signals

Cons:

Rule-based rather than contextual
Doesn’t inherently reduce review friction unless integrated deeply

Context-Aware AI Review

More advanced systems tools, like Qodo, try to analyze broader context beyond just the diff.

The idea is:

Understand surrounding files
Recognize patterns in your codebase
Provide more precise suggestions

If precision is high and developers trust it, this can meaningfully reduce review cycles.

If not, it becomes another notification stream to ignore.

What the Data Suggests

Here’s what current reports indicate:

High AI adoption can increase review time if processes don’t adapt, because PR volume and size grow faster than review capacity.
Developers widely report productivity improvements from AI while expressing mixed confidence in AI-generated code.
Survey data shows many developers remain cautious about trusting AI output and often verify it manually.

The key insight for me:

AI code generation alone does not improve DORA metrics.

AI review maturity does.

My Honest Take

If you are:

Writing more code because of AI
Creating more PRs
Increasing review load

Then you need to scale review alongside generation.

Otherwise:

Deployment frequency stalls
Lead time increases
Review fatigue grows

AI code review can improve DORA metrics.

But only if:

It integrates directly into your PR workflow
It provides high-signal feedback
Developers actually trust it

Without trust, metrics don’t move.

And that’s the part most discussions skip.

Thank You!!🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

Setting Up AI Code Review in Bitbucket: A Practical Guide and Comparison⚖️

Kiran Naragund — Sun, 15 Feb 2026 06:53:25 +0000

Hello Devs 👋

If your team uses Bitbucket and you’re exploring AI code review tools, you might have noticed that many discussions online focus on GitHub. But Bitbucket is widely used too especially companies deep in the Atlassian ecosystem, and the experience with AI review tools varies a lot depending on platform support.

In this post, we’ll cover:

How tools integrate with Bitbucket
Setup complexity and time to value
Review quality you can expect
A comparison of Qodo, SonarQube, and CodeRabbit

Let’s get started 🚀

Bitbucket + AI Code Review: What You Should Know

Most Bitbucket teams use one of these:

Bitbucket Cloud
Bitbucket Data Center (self-hosted)
Bitbucket Pipelines for CI/CD

A good AI review tool should:

Support Bitbucket Cloud (minimum)
Ideally support Data Center too
Fit directly into your Pull Request workflow

There are usually 2 integration styles:

✅ Native Integration

You install the app from the marketplace, grant workspace access, and it comments directly on PRs using official APIs.

🔁 Webhook / API Setup

You generate tokens, connect via webhook, and the tool listens for PR events.

Both work, but the difference is how much setup and maintenance you deal with.

What I Look For in an AI Review Tool

When evaluating tools for Bitbucket teams, I focused on four things:

🔌 Integration Requirements

How easy is it to connect to Bitbucket Cloud or Data Center?

🧰 Setup Complexity

How long until you get value?
Is there heavy configuration?

🧠 Review Quality

Is the feedback useful?
Is it noisy?
Does it understand context?
Or does it only analyze diffs?

🔁 Ongoing Maintenance

Do I need to constantly tune rules and tokens?

🧩 Qodo: Context-Aware AI Reviews

Qodo supports Bitbucket integration and provides official setup documentation for both Cloud and Data Center.

Integration & Setup

Bitbucket Cloud

Sign in to Qodo.
Install the Bitbucket app.
Grant workspace access.
Select repositories.

That’s it.

Once connected, Qodo starts reviewing pull requests automatically.

Bitbucket Data Center

Upload plugin/app
Configure authentication tokens
Connect repositories

It works well if you’re self-hosted and have admin access.

Bitbucket Pipelines

You can trigger Qodo in CI using Bitbucket Pipelines.

Important:
PR comments come from the app integration, not directly from pipelines.

What You Get

Native PR comments
Multi-repo support
Team-level workflow integration

Review Quality

Qodo builds context from:

Your codebase
PR history
Related files

Not just the diff.

This usually means:

Higher signal
Less random noise
Better architectural feedback

Setup Complexity

Medium.

It’s mostly a one-time setup if you have workspace admin access.

🧩 SonarQube: Static Analysis Inside Bitbucket

SonarQube is a well-known static analysis tool. It integrates cleanly with Bitbucket.

But important thing is:

It’s not AI code review.
It’s static analysis.

Integration & Setup

Install SonarQube (Cloud or self-hosted).
Connect Bitbucket repositories.
Add analysis step in Bitbucket Pipelines.
Configure Quality Gates.

Once configured, it:

Decorates PRs with issues
Fails builds if quality gates fail
Tracks coverage and duplication

Review Quality

Excellent for:

Security scanning
Code smells
Technical debt
Coverage metrics

But it does not:

Reason about architecture
Explain design trade-offs
Provide AI-style improvement suggestions

Setup Complexity

Medium.

You need CI configuration. After that, it runs consistently.

🧩 CodeRabbit: Fast PR Feedback

CodeRabbit supports Bitbucket Cloud and focuses on quick PR reviews.

Integration & Setup

Create a Bitbucket service account.
Generate an API token.
Connect CodeRabbit to workspace.
Webhook is installed automatically.
It starts reviewing PRs right away.

What You Get

PR summaries
Inline comments
Basic customization options

Where It Struggles

CodeRabbit is mostly diff-first.

It focuses on what changed in the PR.
In simple projects, that works well.
In complex systems with interdependencies, it can:
Miss deeper architectural issues
Produce noisy suggestions

Setup Complexity

Low to Medium.

Token + webhook setup takes a few minutes.

Side-by-Side Comparision

Tool	Bitbucket Support	Setup Effort	Review Style	Best For
Qodo	Cloud & Data Center	Medium	Context-aware AI	Larger teams & complex codebases
SonarQube	Cloud & Server	Medium	Static analysis	Compliance & quality gates
CodeRabbit	Cloud	Low-Medium	Diff-first AI	Small teams & quick feedback

🛠 Quick Setup Summary

Qodo + Bitbucket

Install Bitbucket app
Grant workspace access
Select repos
Optional: Add Pipeline triggers
Open PR → Get AI feedback

SonarQube + Bitbucket

Deploy SonarQube
Connect repos
Add Pipeline step
Configure Quality Gates
PRs get decorated with analysis

CodeRabbit + Bitbucket

Create service account
Generate API token
Connect workspace
Webhook installs automatically
PRs get inline feedback

🏁 Final Thoughts

All the three tools bring value. But they solve different problems:

Qodo → deeper, context-aware AI review
SonarQube → strict quality & compliance checks
CodeRabbit → fast, lightweight PR feedback

There’s no single best tool.

The right choice depends on:

Team size
Codebase complexity
How deep you want reviews to go
Whether you need compliance gates

If you’re running serious workloads on Bitbucket, AI review absolutely helps but only if the tool fits your workflow.

Thank You!!🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

Top Vibe Coding Platforms You Should Try This Year🫵

Kiran Naragund — Mon, 09 Feb 2026 03:32:22 +0000

Hello Devs 👋

Coding is changing fast. Today, you don’t always need to write everything from scratch. Many new platforms focus on speed, simplicity, and good vibes. This style is often called vibe coding where you focus more on ideas and building, and less on setup and stress.

These tools are great for:

Beginners who want to build real apps
Indie hackers and founders
Developers who want to move faster

In this article, I’ll share some of the best vibe coding platforms you should try this year.

Let’s start with Rocket.new 🚀

Rocket.new

Rocket is a powerful vibe coding platform that helps you turn your ideas into real apps fast. You describe your vision in simple English and Rocket uses AI to generate a full-stack app, including backend, frontend, database, and deployment setup. It also comes with useful app templates that speed up your workflow and lower the time to launch.

Rocket fits the modern vibe coding mindset: focus on ideas, not boilerplate code.

Key Features

Generate full-stack web & mobile apps from a text prompt.
Extensive app templates for landing pages, dashboards, mobile apps, and more.
AI-powered backend setup (database, auth, API).
Figma-to-code conversion support.
Deploy options: Netlify, custom domain, app store (via code export).
Live preview & iterative chat-style edits.

Integrations

Rocket connects with popular tools and services so your app can do real things:

Figma: import designs and convert them into code.
Supabase: database, storage, and user authentication out of the box.
Netlify: one-click web deployment.
Stripe: add payments easily.
GitHub: push code for version control and collaboration.
Google Analytics: track how users interact with your app.
AdSense: monetize your site or app with ads.
OpenAI, Anthropic, Gemini, and Perplexity: build AI features like chat, search, and content generation.
Twilio and Resend: send SMS and emails from your app.

Along with this, Rocket supports adding any REST/OpenAPI service by example, which makes integrations flexible.

Why People Like It

You can start building with just plain language, no deep coding knowledge needed.
It automates backend setup and deployment in one place.
Ready templates make launching prototypes much faster.
Integrations with databases, auth, payments, analytics, etc., give real-world power.
You can export real source code.

Best For

Startup founders prototyping MVPs
Designers turning Figma screens into apps
Indie hackers testing product ideas
Non-developers who want production-ready code
Builders who want AI + templates for fast delivery

Try Now

Emergent.sh

Emergent is an AI-powered vibe coding platform that helps you build full-stack web and mobile apps using natural language prompts. You simply tell the AI what you want, and it designs, codes, tests, and deploys your app from start to finish.

The platform handles frontend, backend, databases, integrations, and hosting, so you don’t need deep coding skills to launch real applications.

Key Features

Natural language prompts turn words into working apps without traditional coding.
Builds full-stack web & mobile apps, not just visuals or prototypes.
AI agents handle coding, testing, debugging, and deployment steps.
Instant website builder with layouts, forms, and workflows.
GitHub integration for code sync and version control.
Private project hosting and team collaboration features on paid plans.

Integrations

Emergent supports popular tools to power production apps:

GitHub for code and version control.
Data connections like Google Sheets or Airtable (on Standard plan).
Deployment services and APIs, including payment integrations such as Stripe on higher plans.

Why People Like It

You can create real applications from plain language descriptions.
Full-stack app building and deployment in one place removes a lot of traditional work.
Free tier lets you test the workflow before paying.
GitHub sync and private hosting are included on paid plans.

Best For

Solo builders and entrepreneurs trying to launch MVPs fast.
Non-technical creators wanting production apps without traditional coding.
Freelancers and small teams who need frontend + backend in one place.
Projects that benefit from AI-driven app generation and deployment.

Try Now

Lovable

Lovable is an AI-powered vibe coding platform that lets you build full web applications and websites simply by describing what you want in natural language. You don’t need deep coding skills, the platform generates real code, sets up backend services like database and authentication, and helps you shape your ideas into working software.

Lovable also includes visual editing and deployment tools that make it easier to move from idea to launch quickly.

Key Features

AI-driven generation of web apps and sites from natural language prompts.
Full-stack support: frontend, backend, database, and authentication included.
Visual editor for design and UX tweaks without code.
Integration with Supabase for database and user management.
GitHub sync and code export for version control and ownership.
Easy deployment and sharing options.

Integrations

Lovable works with tools that help make your apps functional and ready to grow:

Supabase for database, authentication, and storage.
GitHub for version control and collaboration.
Deployment services (like Vercel or built-in hosting) for going live quickly.

Why People Like It

You can turn plain language ideas into real apps fast.
It handles both frontend and backend so you don’t juggle many tools.
Simplifies building software without deep code knowledge.
Collaborative workspaces help teams build together.

Best For

Solo builders and entrepreneurs testing product ideas.
Designers and non-technical makers who want working apps.
Small teams that want fast prototypes and MVPs.
Developers who want both AI help and editable code.

Try Now

v0 (by Vercel)

v0 is an AI-powered UI and frontend development tool by Vercel. It helps you turn natural language prompts into clean, production-ready frontend code, especially for React and Next.js projects.

Instead of trying to generate an entire app end-to-end, v0 focuses on what it does best: design systems, UI components, layouts, and frontend logic. You describe what you want, and the v0 chat agent generates modern, editable code that fits perfectly into the Vercel ecosystem.

It’s ideal for developers and designers who want to move fast on UI without sacrificing code quality.

Key Features

Generate React & Next.js UI components from natural language prompts.
Produces clean, readable, and exportable frontend code.
Chat-based iteration to refine layouts, styles, and behavior.
Built with modern tools like Tailwind CSS and React best practices.
GitHub sync for easy code ownership and collaboration.
One-click deployment to Vercel.
Starter templates and examples for faster setup.

Integrations

v0 works seamlessly with the modern frontend stack:

GitHub: sync generated components to your repository.
Vercel: instant preview and production deployment.
Figma: supports design-to-code workflows for UI inspiration.
Works alongside backend services (databases, APIs, auth) that you connect separately.

Why People Like It

Excellent for quickly building polished UIs without starting from scratch.
The generated code is clean and easy to customize.
Fits naturally into existing React / Next.js projects.
Great balance between AI assistance and developer control.
Perfect companion to Vercel’s frontend-first workflow.
Best For
Frontend developers who want to speed up UI work.
Designers translating layouts into real React components.
Founders building landing pages, dashboards, or MVP frontends.
Teams using Next.js + Vercel who want fast iteration without low-code lock-in.

Try Now

Bolt.new

Bolt is a powerful AI-driven full-stack coding platform that lets you build, edit, and deploy complete web applications right in your browser without setting up any local environment. You describe what you want in simple natural language and the AI helps create real code, including frontend, backend, and integrations, all the way to deployment.

This makes it a great choice for developers and non-technical builders who want fast results and flexible code.

Key Features

Browser-based full-stack IDE with code editor, terminal, and live preview, no local installs needed.
AI-powered app builder generates frontend, backend logic, and database code from natural language prompts.
WebContainers technology runs Node.js and npm packages directly in the browser.
Real-time collaboration for teams on shared projects.
Framework flexibility with React, Next.js, Vue, Svelte, Astro and more.
Manual editing and debugging available alongside AI generation.
Instant deployment including hosting and custom domains.

Integrations

Bolt.new connects with essential tools to power your projects:

GitHub version control and repo sync.
Database and auth services like Supabase.
Stripe for payment and commerce features.
Figma design import and asset workflows.
Integrated hosting, SEO tools, and analytics on paid plans.

Why People Like It

No environment setup everything runs in your browser.
AI turns plain language ideas into working apps quickly.
You can swap between chat-style commands and manual coding.
Great for prototypes, MVPs, dashboards, and real products.

Best For

Solo developers launching prototypes and MVPs.
Indie hackers and founders testing product ideas.
Designers who want functional prototypes without deep coding.
Small teams needing real-time collaboration.

Try Now

That's It.🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

AI Code Review Tools That Actually Work with Azure DevOps 🧪

Kiran Naragund — Sat, 07 Feb 2026 15:31:59 +0000

Hello Devs 👋

If you’re using Azure DevOps, you’ve probably noticed something:

A lot of AI code review tools are clearly built with GitHub-first workflows in mind. They may say they support Azure DevOps, but most of the documentation and community experiences focus on GitHub, and integration depth varies widely. Existing tooling often feels complex setups for multi-repo environments with strict governance requirements.

I’ve spent time evaluating common AI review tools from the perspective of large teams using Azure DevOps, what actually works day to day and what limitations you should be aware of.

Let’s get started 🚀

Why Azure DevOps Is a Bit Different

Azure DevOps is popular in enterprise settings because it supports:

Complex pipelines and build workflows
Fine-grained access control
Large multi-repo environments
On-prem and restricted deployment modes

Most AI review tools today are optimized for GitHub workflows and may claim broad support, but real usage patterns show differences in integration quality, especially around pull request automation and deeper context awareness.

In practice:

Many tools operate at “diff-only” scope
Few maintain persistent cross-repo understanding
Enterprise deployment options (on-prem/air-gapped) are rare

Those limitations are manageable for small teams but not for orgs with 100+ engineers and interconnected services.

What I Looked For in an AI Code Review Tool

Before comparing tools, here’s what actually matters in real Azure DevOps workflows:

✅ Native Azure DevOps integration

Automated PR comments and checks without brittle mirroring hacks.

✅ Context beyond the diff

Understanding cross-repo dependencies, ticket history, and architectural implications.

✅ Enterprise deployment options

Ability to run in restricted environments with strong security controls.

✅ Signal vs noise

Suggestions should be actionable, not repeatedly nitpicky.

Tools I Compared

🧩 What Is Qodo?

Qodo (formerly Codium) is one of the more context-aware review tools I’ve come across. It integrates with multiple platforms including GitHub, GitLab, Bitbucket, and Azure DevOps and aims to infuse deeper system context into automated reviews rather than just surface diffs.

What It Does Differently

🧠 Context-Aware Reviews

Unlike tools that only inspect the changed lines, Qodo indexes the repository, relationships between files, and historical patterns to provide more meaningful review feedback.

This makes it better suited to catch issues that are not obvious from the diff alone, such as:

Cross-file dependency risks
Incomplete scope based on ticketing history
Potential architectural regressions

🤖 Actionable Suggestions

Qodo’s review feedback isn’t just a list of possible problems, it tries to reason about why an issue matters and how it relates to the rest of the code. That tends to make suggestions easier to trust and adopt.

🔐 Deployment Options

Official tool documentation notes that Qodo supports integration across major version control systems, including Azure DevOps, making it fit into existing workflows in enterprise environments.

Where Qodo Fits Best

Large teams with multi-repo architectures
Teams that want more than line-by-line feedback
Workflows where automated context-aware checks add real value

🧩 What Is SonarQube?

SonarQube is a widely adopted static analysis and code quality platform that integrates with CI/CD systems including Azure DevOps. It provides detailed metrics on security, maintainability, test coverage, duplication, and compliance rules.

What It Does Well

Static quality checks
Security scanning based on rule sets
Integration into build pipelines and quality gates

Where It Is Limited

SonarQube focuses on rule-based detection, not AI-driven review suggestions. It flags issues but usually doesn’t provide reasoning or deep context on how a change affects a system’s architecture.

This doesn’t make it a bad tool, it’s just optimized for compliance and static analysis, not context-aware AI review.

🧩 GitHub Copilot Review

GitHub offers an AI review experience inside its platform that augments pull request feedback. It can summarize diffs and highlight potential issues within the PR’s visible files.

What It’s Good At

Inline code suggestions
Diff-level issue highlighting
Quick summaries inside GitHub PR UI

What It’s Not Designed For

System-wide or multi-repo reasoning, its context stays within the current repository and visible diff.

Policy governance, merge gating, or enterprise deployment options

Many teams using AI reviewers confirm that these tools often feel like enhanced linters, and that they don’t automatically scale to deeper architectural issues.

Copilot is best thought of as an assistant during development, not a dedicated AI reviewer.

🧩 CodeRabbit

CodeRabbit is an AI-assisted tool that automatically reviews pull requests and provides inline comments and summaries. It can be triggered automatically or manually within PRs.

What It Does Well

Fast PR summaries and inline comments
Easy to adopt for GitHub workflows

Where It Falls Short

Focuses on diffs rather than broader repo context, documented in CodeRabbit’s own feature scope.

Does not provide enterprise governance features like merge gating or compliance enforcement

Independent community feedback reflects that CodeRabbit can provide useful review help for small or medium teams, but struggles with deeper codebase or architectural context.

🔍 Quick Comparison

Tool	Focus	Strength	Limitation
Qodo	Context-aware reviews	System-wide insights, multi-repo	More setup than diff-only tools
SonarQube	Static analysis	Compliance, quality metrics	No AI review reasoning
Copilot Review	IDE-centric assistance	Inline suggestions	Limited to diff/visible files
CodeRabbit	PR summaries	Quick simple feedback	Lacks cross-repo reasoning

🏁 Final Thoughts

AI code review isn’t about replacing humans. It’s about catching what humans often miss in complex codebases.

A frequent pain point discussed by developers is how most reviewers behave like traditional linters, surface-level comments with limited project context.

For teams using Azure DevOps at an enterprise scale, the hard part is not generating suggestions, it’s understanding how those suggestions fit into a broader codebase, cross-repo patterns, and governance workflows.

Among the tools compared here, Qodo best addresses that gap with deeper context reasoning and integration across both PRs and enterprise workflows.

👨‍💻 TL;DR

Use Qodo when you need context-aware reviews that look beyond the diff.
Use SonarQube for static analysis and quality compliance.
Use GitHub Copilot Review for quick inline suggestions.
Use CodeRabbit for lightweight PR summaries.

💡 As always, the right tool depends on your project size, workflow, and quality standards. 🫡

Thank You!!🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

🔥I Built an Awwwards-Style Portfolio Using Antigravity🌀

Kiran Naragund — Sun, 01 Feb 2026 10:53:04 +0000

This is a submission for the New Year, New You Portfolio Challenge Presented by Google AI

About Me

Hello! 👋

I’m Kiran Naragund, a full-stack developer, open-source contributor, and someone who genuinely enjoys building things on the web. I like turning ideas (even unclear or messy ones) into usable, meaningful software.

This portfolio represents my journey so far: my education, professional experience, open-source work, projects, and the many experiments I’ve done while learning and growing as a developer.

For a long time, I wanted to build an Awwwards-style portfolio. something cinematic, interactive, and animation-heavy but without using no-code tools like Framer. I wanted to do it using the tech I actually work with every day. 🙃

More than a resume, I wanted this portfolio to tell my story. My personality, my taste in design, my curiosity for animations, and my love for clean but expressive interfaces.

That’s how this minimal yet cinematic portfolio came to life. 😉

Portfolio

Visit here: https://kirannaragund.com

⚠️ Note: Please view this on a desktop or laptop for the best experience. Some animations and interactions are designed specifically for larger screens. I promise it’s worth it 🙏

How I Built It

I built this portfolio using modern and familiar tools:

React.js with Vite for fast development and performance.
Tailwind CSS for styling and theming.
GSAP and Framer Motion for animations and page transitions.
Lenis for smooth scrolling.
Chart.js for visualizing open-source activity.
A few shadcn/ui components.

Development Process

I didn’t start this project with a perfect design. I started with experiments.

I built the site section by section, testing animations, breaking layouts, removing things, and rebuilding again. This portfolio went through multiple redesigns before reaching its current state.

All the content (experience, education, certifications, skills, open-source data) is managed through structured data files, making the site easy to update and scale.

Design Decisions

I made a few bold and slightly risky 😅 decisions while building this.

🎨 Themes (10 of them!)

I don't wanted only light and Dark theme as many websites commonly offer this. So I decided to implement 10 different themes:

Light, Dark, Purple, Ocean, Forest, Sunset, Rose, Midnight, Coffee, and Mint.

Each theme updates colors, SVGs, and UI elements consistently. My personal favorites are White and Rose 😍. Let me know in the comments which one you liked.

🧩 SVGs instead of images

Because of the multiple themes, static images didn’t feel right.
So I switched to custom SVGs that adapt dynamically based on the active theme. This helped maintain visual consistency across all themes.

🫥 Hidden elements for better UX

Some animations looked amazing on large screens but felt overwhelming or broken on smaller ones (like SVG motion paths in the What I Do section).

Instead of forcing them everywhere, I selectively hide elements to keep the experience clean and enjoyable.

🔀 Route-based page transitions

Instead of traditional loaders, I added animated page transitions.
Whenever you move between pages, you’ll see fun, route-specific messages appear briefly in the center of the screen.

It’s a small detail, but it makes navigation feel playful and alive.😄

Open Source Section (Beyond the Green Graph)

Most developer portfolios show the default GitHub contribution graph. I didn’t want to do that.

Instead of just showing green squares, I wanted visitors to see my actual open-source work in a clear and useful way. So I built a dedicated Open Source section where people can easily explore:

Organizations I’ve contributed to
Pull requests I’ve opened
Issues I’ve worked on
Contribution activity over time

This makes my open-source work more transparent and easier to understand. Anyone visiting the site can quickly see what I contributed, where I contributed, and how active I am, without needing to jump around GitHub.

For me, this felt more meaningful than a static activity graph.

What Google AI Tools Did I Use?

Antigravity IDE 🫡

I used Antigravity IDE for most of the development.

While building the site, I kept updating a plan.md file where I wrote ideas, page structure, animation plans, and things I wanted to improve. This file changed many times as the project evolved.

I often switched between different AI models inside the IDE, sometimes for planning, sometimes for refactoring code, and sometimes just to explore better ways to structure components or animations.

Gemini Nano Banana 📸

I used Gemini Nano Banana to generate mockups for my projects sections.

These both tools made the process smoother and helped me iterate faster.

What I'm Most Proud Of

Honestly, building this portfolio feels like a dream come true for me.

There was a time when I only imagined creating something like this. Now it’s live, and people can actually experience it. This project pushed me far outside my comfort zone and forced me to try things I had never done before.

Some things I’m especially proud of:

Learning and using GSAP for complex SVG paths and timeline-based animations.
Creating a custom Google-style loader animation that introduces the site in a playful way.
Adding route-based page transition animations with different messages for each section.
Building a custom animated cursor for smoother interactions.
Creating a fully theme-aware design system with 10 different themes that work consistently across the site.
Showcasing my open-source contributions using real data and charts, instead of a basic GitHub graph.
Making the site interactive and cinematic, without overwhelming the user.

This portfolio taught me patience. I experimented a lot, broke things often, and learned how small details can completely change how a product feels.

It’s not perfect but it’s honest. It represents how I think, build, and learn. And that’s what makes it special to me. 🙃

Made with love, hate, and too many revisions because perfection doesn’t arrive gracefully, it’s dragged out through frustration, stubbornness, and late-night bargaining with my laptop.

Thanks for reading, and I’d love to hear your feedback! 🙌

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

Have you seen your DEV Wrapped 2025 yet? 🎁

Kiran Naragund — Thu, 18 Dec 2025 04:53:57 +0000

Kiran Naragund

Dec 15 '25

🎉 DEV Wrapped 2025 – See Your Year in Code!

#discuss #devwrapped #programming #showdev

175

Comments 93

1 min read

🎉 DEV Wrapped 2025 – See Your Year in Code!

Kiran Naragund — Mon, 15 Dec 2025 21:50:00 +0000

Hey DEVs! 👋

Finally, the wait is over and here is your DEV Wrapped 2025 🎁

Inspired by Spotify Wrapped, DEV Wrapped turns your DEV activity into a personalized year-in-review, highlighting your top articles, most active months, favorite tags, and more!

Why I Made This

At the end of the year, I wanted a simple and fun way to reflect on my DEV journey, the posts I wrote, the topics I loved, and how consistent I was.
DEV is an amazing place to learn and share, and this project is my way of celebrating every win, whether big or small 💙

How It Works

Visit dev-wrapped.com
Enter your DEV username
Instantly see your stats, top posts, and charts in story format.
Share your results with friends!

Here’s my DEV Wrapped summary 👇

And my 2025 DEV profile overview 👇

DEV Wrapped uses only DEV Community’s public APIs to fetch publicly available data.
No authentication, passwords, or secret keys are required your data stays safe.

Try It Out

Check it out here: dev-wrapped.com

I’d love to hear your thoughts!

Did you find your stats surprising? 😁
Which music you liked? 😉
Found a bug? Let me know!

📸 Post a screenshot of your DEV Wrapped in the comments

Thanks for reading 🙏

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

🔥How I Automated Code Reliability with an AI Agent

Kiran Naragund — Sun, 30 Nov 2025 10:24:05 +0000

Hello Devs 👋

As developers, we all know how much time goes into repetitive checks:

Did we add proper error handling?
Are our functions following naming rules?
Did we write enough tests?
Are there hidden logic mistakes?
Is reliability getting better or worse?

These tasks are important… but doing them manually for every commit or PR is exhausting and eats up time we would rather spend actually building features.

So I asked myself:

🤔 What if I could create an AI agent that does all of this automatically?

And that’s how the Reliability Guardian Agent was born.

In this article, I’ll walk you through building this AI agent step-by-step using Qodo Command, in the simplest way possible. By the end, you’ll have a powerful reliability reviewer that works locally and inside GitHub Actions.

Let’s begin. 🚀

💡 What is the Reliability Guardian?

The Reliability Guardian Agent automatically analyzes your codebase to evaluate and improve:

Code reliability
Fault tolerance
Input validation
Test coverage
Error handling
Historical reliability trends

It uses both static analysis and behavior-style testing (like simulated mutation or fuzz testing) to find:

Logic inconsistencies
Weak or missing tests
Missing input validations
Unsafe or fragile code paths
Reliability regressions in recent commits

This agent can be used both locally and in automated CI/CD workflows, And gives you a clean reliability score from 0 to 10, with actionable suggestions.

⚙️ Installing Qodo Command

We’ll use Qodo’s Agentic Quality Workflows CLI to build and run the agent.

Install it globally:

npm install -g @qodo/command

Then log in:

qodo login

Once login is completed you'll receive an API key in the terminal.

The API key is also saved locally in the .qodo folder in your home dir, and can be reused (e.g., in CI).

Creating the Reliability Guardian Agent

1️⃣ Create the agent config
At your project root, create reliable-guardian-agent.toml

This file tells Qodo everything about your agent i.e instructions, arguments, strategy, and output format.

Now, paste the following configuration:

# Reliability Guardian Agent Configuration
version = "1.0"

[commands.reliability_guardian]
description = "Analyze and score project reliability by detecting logic conflicts, missing validations, weak tests, and historical reliability trends."

instructions = """
You are an expert reliability analyst agent. Your purpose is to evaluate the reliability of a software project by analyzing logic consistency, input validation completeness, and test suite robustness.
### Your mission:
1. **Analyze code for logic reliability**
   - Detect logical conflicts, contradictory conditions, or redundant branches
   - Identify missing input validation or unsafe operations (e.g., divide by zero, null dereference)
   - Recognize missing or ineffective exception handling
2. **Evaluate test robustness**
   - Perform mutation or fuzz testing to estimate how strong the existing tests are
   - Identify functions that lack test coverage or only test “happy paths”
3. **Compute a comprehensive reliability score**
   - Logic Consistency (30%)
   - Input Validation Coverage (30%)
   - Exception Safety (20%)
   - Test Effectiveness (20%)
   Provide an overall reliability score between 0–10.
4. **Detect reliability trends over time**
   - Use Git history to compare reliability results across recent commits or branches
   - Highlight improvement or regression in reliability score
5. **Suggest self-healing fixes**
   - Suggest specific code improvements such as adding missing validation, refactoring conflicting branches, or adding stronger test cases
   - Each fix suggestion should include a short code patch snippet where applicable
"""

arguments = [
    { name = "target_branch", type = "string", required = false, default = "main", description = "Branch to compare against for diff and reliability trend" },
    { name = "max_commits", type = "number", required = false, default = 5, description = "Number of past commits to analyze for historical reliability trends" },
    { name = "mutation_testing", type = "boolean", required = false, default = true, description = "Enable simulated mutation testing" },
    { name = "fuzz_testing", type = "boolean", required = false, default = true, description = "Enable fuzz-style reliability probing" },
    { name = "exclude_files", type = "string", required = false, description = "Comma-separated list of files to exclude (e.g., test mocks or migrations)" }
]

tools = ["qodo_merge", "git", "filesystem"]

execution_strategy = "act"

output_schema = """
{
  "type": "object",
  "properties": {
    "summary": {
      "type": "object",
      "description": "High-level summary of reliability issues and test robustness",
      "properties": {
        "files_analyzed": { "type": "number", "description": "Total number of source files analyzed" },
        "functions_checked": { "type": "number", "description": "Number of functions analyzed for logic reliability" },
        "total_issues": { "type": "number", "description": "Total reliability issues detected" },
        "critical_issues": { "type": "number", "description": "Number of critical logic or reliability flaws" },
        "reliability_score": {
          "type": "object",
          "properties": {
            "overall": { "type": "number", "minimum": 0, "maximum": 10 },
            "logic_consistency": { "type": "number", "minimum": 0, "maximum": 10 },
            "validation_coverage": { "type": "number", "minimum": 0, "maximum": 10 },
            "exception_safety": { "type": "number", "minimum": 0, "maximum": 10 },
            "test_strength": { "type": "number", "minimum": 0, "maximum": 10 }
          },
          "required": ["overall", "logic_consistency", "validation_coverage", "exception_safety", "test_strength"]
        },
        "trend": {
          "type": "object",
          "description": "Reliability trend compared to past commits",
          "properties": {
            "previous_scores": { "type": "array", "items": { "type": "number" } },
            "improvement": { "type": "number", "description": "Positive if reliability improved, negative if regressed" },
            "best_commit": { "type": "string", "description": "Commit hash with highest reliability" },
            "worst_commit": { "type": "string", "description": "Commit hash with lowest reliability" }
          }
        }
      },
      "required": ["files_analyzed", "functions_checked", "total_issues", "reliability_score", "trend"]
    },
    "issues": {
      "type": "array",
      "description": "Detailed list of individual reliability issues",
      "items": {
        "type": "object",
        "properties": {
          "file": { "type": "string" },
          "line": { "type": "number" },
          "severity": { "type": "string", "enum": ["critical", "high", "medium", "low"] },
          "category": { "type": "string", "description": "logic_conflict | validation_gap | weak_test | exception_risk" },
          "description": { "type": "string" },
          "suggestion": { "type": "string" },
          "code_patch": { "type": "string", "description": "Example of an automated fix or patch suggestion" }
        },
        "required": ["file", "severity", "category", "description"]
      }
    },
    "suggestions": {
      "type": "array",
      "description": "High-level reliability improvement recommendations",
      "items": {
        "type": "object",
        "properties": {
          "area": { "type": "string", "description": "validation | error_handling | logic | testing" },
          "description": { "type": "string" },
          "example_patch": { "type": "string" }
        },
        "required": ["area", "description"]
      }
    },
    "approved": { "type": "boolean", "description": "Whether project meets reliability standards" },
    "requires_changes": { "type": "boolean", "description": "True if reliability score < 7.0 or critical issues found" }
  },
  "required": ["summary", "issues", "suggestions", "approved"]
}
"""

exit_expression = "approved"

The fields of the agent file are:

Field name	Type	Description
`description`	string	Description of what your agent does. This field is required when an agent is run with `--mcp`.
`instructions`	string	Required field. Prompt for the AI models explailing the required behavior.
`arguments`	list of objects. Supported types: `'string' \| 'number' \| 'boolean' \| 'array' \| 'object'`	List of possible arguments that can be given to the agent. The arguments will be translated and forwarded to MCP servers.
`mcpServers`	string	List of MCP servers used by the agent
`tools`	list	List of MCP server names. Allows you to filter specific MCP servers that can be used by your agent
`execution_strategy`	"act" or "plan"	Plan lets the agent think through a multi-step strategy, act executes actions immediately
`output_schema`	string	Valid json of the wanted agent output
`exit_expression`	string (JSONPath)	Only applicable when `output_schema` is given. For CI runs, a condition used to determine if the agent run succeeded or failed.

Our agent accepts the following parameters:

Parameter	Type	Required	Default	Description
`target_branch`	string	No	`master`	Branch to compare for reliability diff and trend analysis
`max_commits`	number	No	`5`	Number of recent commits to analyze for reliability trends
`mutation_testing`	boolean	No	`true`	Enable simulated mutation testing
`fuzz_testing`	boolean	No	`true`	Enable simulated fuzz reliability probing
`exclude_files`	string	No	-	Comma-separated list of files to exclude (e.g. mocks, generated code)

2️⃣ Run the agent locally
You can run this agent by passing optional arguments

qodo reliability_guardian

With Advanced Configuration

# Compare with another branch
qodo reliability_guardian --target_branch=develop


# Analyze last 10 commits for reliability trend
qodo reliability_guardian --max_commits=10


# Run without mutation or fuzz simulation
qodo reliability_guardian --mutation_testing=false --fuzz_testing=false

The tool then analyzes your codebase and returns structured JSON output.

3️⃣ Output Format

The agent returns structured JSON output:

{
  "summary": {
    "files_analyzed": 4,
    "functions_checked": 8,
    "total_issues": 18,
    "critical_issues": 3,
    "reliability_score": {
      "overall": 3.5,
      "logic_consistency": 4.0,
      "validation_coverage": 3.0,
      "exception_safety": 4.0,
      "test_strength": 3.0
    },
    "trend": {
      "previous_scores": [2.2],
      "improvement": 1.3,
      "best_commit": "065f7c9",
      "worst_commit": "be1abae"
    }
  },
  "issues": [
    {
      "file": "src/payment.py",
      "line": 1,
      "severity": "critical",
      "category": "logic_conflict",
      "description": "Premium users get worse discount (15%) when amount > 100 compared to base premium discount (20%). This is a business logic contradiction.",
      "suggestion": "Invert the logic so higher amounts get better discounts (e.g., 25% for amount > 100, 20% otherwise)",
      "code_patch": "if user_type == 'premium':\n    discount = 0.25 if amount > 100 else 0.20"
    },
    {
      "file": "src/calculator.py",
      "line": 10,
      "severity": "critical",
      "category": "exception_risk",
      "description": "average() function will raise ZeroDivisionError when passed an empty list",
      "suggestion": "Add validation to check for empty input before division",
      "code_patch": "if values is None or len(values) == 0:\n    raise ValueError('values must be a non-empty sequence')"
    },
    {
      "file": "src/utils.py",
      "line": 1,
      "severity": "critical",
      "category": "exception_risk",
      "description": "safe_get() catches all exceptions with 'except Exception', masking programming errors and making debugging difficult",
      "suggestion": "Only catch specific exceptions (KeyError, TypeError) to avoid hiding unrelated bugs",
      "code_patch": "except (KeyError, TypeError):\n    return default"
    },
    {
      "file": "src/auth.py",
      "line": 5,
      "severity": "high",
      "category": "validation_gap",
      "description": "authenticate_user() accepts any types without validation; no None/empty checks",
      "suggestion": "Add type and empty string validation before authentication logic",
      "code_patch": "if not isinstance(username, str) or not isinstance(password, str):\n    return False\nif not username or not password:\n    return False"
    },
    {
      "file": "src/payment.py",
      "line": 1,
      "severity": "high",
      "category": "validation_gap",
      "description": "calculate_discount() lacks input validation for user_type domain and amount (negative values, type checking)",
      "suggestion": "Add validation for user_type and amount before processing",
      "code_patch": "if not isinstance(amount, (int, float)) or amount < 0:\n    raise ValueError('amount must be a non-negative number')\nif user_type not in ('premium', 'basic'):\n    raise ValueError(f'invalid user_type: {user_type}')"
    },
    {
      "file": "src/calculator.py",
      "line": 10,
      "severity": "high",
      "category": "validation_gap",
      "description": "average() lacks validation for non-numeric elements in the list",
      "suggestion": "Add type checking for all elements before processing",
      "code_patch": "if not all(isinstance(x, (int, float)) for x in values):\n    raise TypeError('all values must be numeric')"
    },
    {
      "file": "src/calculator.py",
      "line": 15,
      "severity": "medium",
      "category": "validation_gap",
      "description": "add_safe() has misleading name suggesting validation, but performs no type enforcement; will concatenate strings or raise TypeError with None",
      "suggestion": "Either add type validation or rename function to reflect actual behavior"
    },
    {
      "file": "tests/test_auth.py",
      "line": 6,
      "severity": "high",
      "category": "weak_test",
      "description": "test_auth_admin expects authenticate_user('admin','123') to return True, but actual implementation requires password 'secret'. Test is failing.",
      "suggestion": "Fix test to match actual implementation or fix implementation to match test contract",
      "code_patch": "def test_auth_success():\n    assert authenticate_user('admin', 'secret') is True"
    },
    {
      "file": "tests/test_auth.py",
      "line": 1,
      "severity": "high",
      "category": "weak_test",
      "description": "test_email_valid only tests happy path; missing tests for invalid emails, None, empty strings",
      "suggestion": "Add negative test cases for malformed emails",
      "code_patch": "def test_email_invalid_cases():\n    assert not validate_email('')\n    assert not validate_email('invalid')\n    assert not validate_email('a@b.')\n    assert not validate_email('@example.com')"
    }
  ],
  "suggestions": [
    {
      "area": "logic",
      "description": "Fix payment discount logic contradiction where premium users get worse discount for higher amounts. Invert the condition so amount > 100 gets 25% discount instead of 15%.",
      "example_patch": "if user_type == 'premium':\n    discount = 0.25 if amount > 100 else 0.20\nelse:\n    discount = 0.10"
    },
    {
      "area": "validation",
      "description": "Add comprehensive input validation across all functions: type checking, None checks, empty collection checks, domain validation for enums, and range validation for numeric inputs.",
      "example_patch": "if not isinstance(amount, (int, float)) or amount < 0:\n    raise ValueError('amount must be a non-negative number')\nif user_type not in ('premium', 'basic'):\n    raise ValueError(f'invalid user_type: {user_type}')"
    },
    {
      "area": "error_handling",
      "description": "Replace broad 'except Exception' clauses with specific exception types to avoid masking programming errors. Only catch expected exceptions like KeyError, TypeError, ValueError.",
      "example_patch": "try:\n    return d[key]\nexcept (KeyError, TypeError):\n    return default"
    },
    {
      "area": "validation",
      "description": "Strengthen email validation to reject malformed patterns like 'a@b.', '@example.com', 'a@@b.com'. Implement proper parsing with split and validation of local/domain parts.",
      "example_patch": "local, domain = email.split('@', 1)\nif not local or '.' not in domain:\n    return False\nlabel, tld = domain.rsplit('.', 1)\nreturn bool(label) and len(tld) >= 2"
    },
    {
      "area": "testing",
      "description": "Expand test coverage to include edge cases and negative tests: empty inputs, None values, type errors, boundary conditions, and invalid domain values. Fix failing test in test_auth_admin.",
      "example_patch": "def test_auth_failures():\n    assert authenticate_user('admin', 'wrong') is False\n    assert authenticate_user('', 'secret') is False\n    assert authenticate_user(None, 'secret') is False"
    },
    {
      "area": "testing",
      "description": "Implement mutation testing to measure test effectiveness. Current tests likely have weak mutation kill rate due to minimal assertions and lack of negative tests.",
      "example_patch": "# Run mutation testing with mutmut:\n# mutmut run --paths-to-mutate=src/\n# Expected improvement: mutation score from ~30% to >80% after adding edge case tests"
    }
  ],
  "approved": false,
  "requires_changes": true
}

This gives a fast, automated overview of what needs to be fixed.

🤖 Add Reliability Guardian to GitHub Actions

Now, The most common way to use this agent is through GitHub Actions to automatically review all your pull requests(PRs).

Let's create a github-action file for it.

GitHub Actions

name: Reliability Guardian Agent
on:
  pull_request:
    branches: [main, develop]

jobs:
  reliability-guardian:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      checks: write

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Reliability Guardian Agent
        uses: qodo-ai/command@v1
        env:
          QODO_API_KEY: ${{ secrets.QODO_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          prompt: reliability_guardian
          agent-file: path/to/agent.toml
          key-value-pairs: |
            target_branch=${{ github.base_ref }}
            max_commits=5
            mutation_testing=true
            fuzz_testing=true

Now every PR gets an automatic reliability review.

No manual review overhead.
No missed edge cases.
No surprise runtime failures.

🎯 Why This Agent Saves Developers Massive Time

✅ Faster reviews: No more waiting on teammates for basic reliability checks.

✅ More consistent code: Same rules applied to every PR.

✅ More secure and stable builds: Many reliability issues are caught before merging.

✅ Developer time saved: Developers focus on building features, not repetitive reviewing.

✅ Customizable for any project: You can tune the rules, weights, and checks easily.

🎉 Final Thoughts

Qodo’s Agentic Quality Workflow is more than a CLI, it’s a new way of bringing intelligent automation into engineering teams.

The Reliability Guardian Agent is just one example of what you can build.
You can also create:

Performance auditors
Security checkers
Test writers
Documentation reviewers
Code refactoring assistants
And fully custom agents for your team

All using one simple, flexible agent file.

The cool thing is you can build your own agents according to your project specifications.😉

You can visit the agent repository which contains agents implementations examples.

Thank You!!🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

5 Tools You Should Try Now🧙‍♂️🫵

Kiran Naragund — Mon, 24 Nov 2025 15:32:01 +0000

Hello Devs👋

In this rapidly evolving tech world, there are lots of dev tools getting launched every day. These tools have become increasingly popular for their flexibility, productivity, community support, and cost-effectiveness.

In this article I will be sharing some amazing tools which can quickly help enhance productivity, efficiency, and the overall quality of your work.

Let's get started 🚀

Qodo - AI Code Review Platform for the Enterprise SDLC

Qodo is the AI Code Review Platform that gives engineering organizations a dedicated quality layer across the entire software development lifecycle(SDLC).

It goes beyond code generation and simple linting, Qodo brings deep context intelligence, agentic automation, and continuous review to ensure code quality, maintainability, and compliance at scale.

What Qodo Delivers?

🔹 Code Analysis: Comprehensive, context-rich analysis reports that highlight structural issues, risks, and opportunities for improvement across the codebase.

🔹 Code Improvement Recommendations: Agentic code suggestions that identify bugs, security gaps, and maintainability issues, paired with best-practice solutions.

🔹 Code Explanation: Clear, technically grounded explanations of what the code does and how it behaves, enabling deeper understanding for developers and reviewers.

🔹 Test Suite Generation: Context-aware test cases that improve coverage, ensure correctness, and validate behavior across critical scenarios.

Supported Languages

Qodo provides deep review capabilities across a broad set of languages, including:

Python
JavaScript
TypeScript
Java
C++
Go
PHP …and more.

✅Try out Qodo

Penpot - The Design Tool for Design & Code Collaboration

Penpot is an open-source design and prototyping platform that allows you and your teams to create, collaborate on, and share design assets and prototypes. It provides a web-based interface for designing UI/UX components, creating interactive prototypes, and generating design specifications.

👇Here are some key features of Penpot:

✅ Design Tool: Create and customize UI/UX designs.

✅ Prototyping: Build interactive prototypes with transitions and animations.

✅ Collaboration: Collaborate with team members in real-time.

✅ Design System: Manage design assets and create reusable components.

✅ Open-Source: Fully open-source and community-driven.

Which one is better Figma vs Penpot?? Comment your thoughts.⬇️

✨Penpot repository has 41k+ stars on GitHub

Try Out Penpot

ChartDB - Visualize Your Database

ChartDB simplifies database management by offering an intuitive way to create, manage, and visualize your database schema. It’s especially useful for teams working on complex projects that require clear database architecture.

Key Features of ChartDB:

📊 Schema Visualization: Generate clear and interactive diagrams of your database structure.

🔗 Multi-Database Support: Works with popular databases like PostgreSQL, MySQL, and more.

🛠️ Query Builder: Write, test, and optimize SQL queries without leaving the platform.

🤝 Team Collaboration: Share schema diagrams and query results with team members for better communication.

Try Out ChartDB

AI/ML API - Integrate 300+ AI models through a single API

Have you ever wanted to include AI capabilities in your project?🤔 Now, AI/ML API makes it more easier.

AI/ML APIis a game-changing platform for developers and SaaS entrepreneurs looking to integrate cutting-edge AI capabilities into their products through a single API🤯

AIML API platform offers you access to a wide range of AI models, enabling you to easily integrate sophisticated AI functionalities into your application. It supports a wide range of AI technologies, including image generation, video analysis, chatbots, and more, providing tools for both beginners and experienced developers looking to leverage AI in their projects.

📢Here are some of the key features of AI/ML API👇

🛠️ Easy Integration: Simplified API for seamless incorporation into applications.

⚡ Fast Performance: 3x faster performance compared to traditional methods.

🔒 Security: Ensures the safety and privacy of user data and applications.

🌍 Accessibility: Available 24/7, allowing for global access and use at any time.

Try Out AI/ML API

PostHog - The Open-Source Product Analytics Suite

PostHog is an open-source product analytics platform that helps you understand how users interact with your apps. It brings analytics, feature flags, A/B testing, session replays, and event pipelines, all into a single unified toolkit.

If you're building a product and want full visibility into user behavior without sending data to third-party clouds, PostHog is a must-try.

Why Developers Love PostHog?

📊 Product Analytics: Track user events, funnels, retention, and trends—fully self-hosted or cloud-hosted.

🎥 Session Replay: Watch how users interact with your app to spot UX issues instantly.

🚩 Feature Flags: Roll out features gradually, run experiments, and target specific user segments.

🧪 A/B Testing: Test variations of features or UI changes and measure impact with statistically sound results.

🔄 Event Pipelines: Ingest, transform, and route events to tools like BigQuery, Snowflake, or your data warehouse.

💻 Open Source + Self-Host: Full control over data privacy, perfect for enterprise and compliance-driven teams.

Try Out PostHog

That's It.🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)

🚀 Build Custom AI Agents with Qodo Command

Kiran Naragund — Thu, 30 Oct 2025 17:37:55 +0000

Hello Devs 👋

I recently tried Qodo Command, a CLI that lets you build, run, and automate AI-powered agents right from your repository like a custom AI assistants that live in your codebase.✨

Unlike generic AI tools or one-off scripts, Qodo agents are configurable, versionable, and CI-friendly. You describe what the agent should do (in a TOML/YAML file), and it runs that behavior consistently across local dev, PR checks, and CI pipelines. That means smarter automation for code review, reliability checks, documentation audits, test generation whatever your team needs.

If you’ve ever wished for an assistant that enforces your project’s specific standards (not someone else’s), Qodo Command makes it possible.🫡

In this article I’ll cover:

What Qodo Command actually does?
Why it’s useful for dev teams and CI/CD workflows
How to use it step-by-step
A hands-on example: building a Clean Code Description agent that ensures your codebase remains clean, readable, and well-documented by reviewing docstrings, comments, and naming conventions.

Let’s dive in. 🚀

What is Qodo Command?

Qodo Command is a developer-first CLI that lets you create and run custom AI agents inside your development workflow.

Think of it as your personal automation engine powered by AI but instead of generic prompts, you define repeatable rules, logic, and behaviors for the agent in a config file.

Qodo Command supports:

Custom agent configuration
CI and automation integration
Interactive web UI mode
General code generation
Intelligent PR code review

If ChatGPT is a smart assistant you talk to, then Qodo Command is an AI teammate that lives in your repo and enforces your standards.

⭐️ Key Features

Interactive Chat Mode: Talk to an agent in natural language directly in your terminal (qodo chat), exactly like with Qodo Gen Chat.
Custom Agent Commands: Configure your own agent and define reusable workflows (qodo <command>).
Interactive Web UI mode: Run Qodo Command with --ui to interact with Qodo Command's chat in an interactive web UI.
Serve Agents as HTTP APIs: Turn any agent into a callable service (--webhook mode).
Model Control: Choose which AI model to use (Claude, GPT-4, etc.) with --model={model-name}.
Agent to MCP: Turn any agent into an MCP with --mcp.
Secure Integration: Use tools without exposing your API keys.

🚀 How to Install & Use Qodo Command

Now that you know what Qodo Command is, let's get it running.

npm install -g @qodo/command

To start using Qodo Command, you need to log in first:

qodo login

Once login is completed you'll receive an API key in the terminal.

The API key is also saved locally in the .qodo folder in your home dir, and can be reused (e.g., in CI).

Interactive AI Chat Mode

qodo chat

In this mode you can send prompts such as:

Write tests for the files in the auth directory

Add better logging througout my project

Use Qodo Merge to describe the changes in my working folder

And Qodo Command will follow your guidelines.

🛠️ Build a Custom Qodo Agent From Scratch

Now, Let’s create a Clean Code Documentation agent, an agent that reviews your repo for:

✔️ Missing docstrings
✔️ Outdated or misleading comments
✔️ Poor naming issues
✔️ Documentation consistency

1️⃣ Create the agent config
At your project's root directory level, create a file called clean-doc-agent.toml. This file will hold all agent files that Qodo Command will know and be able to call.

# Clean Code Description Agent Configuration
version = "1.0"

[commands.clean_code_description]
description = "Analyze code for clean, consistent, and accurate descriptions in docstrings, comments, and naming conventions"

instructions = """
You are an expert in code documentation and clean code practices. Your task is to:
1. Analyze code changes using Qodo Merge to identify documentation issues
2. Focus on:
   - Missing or incomplete docstrings
   - Outdated or incorrect docstrings/comments
   - Redundant or low-value comments
   - Inconsistent documentation styles
   - Poorly named functions, classes, or variables
3. Categorize findings by severity: Critical, High, Medium, Low
4. Provide clear, actionable feedback for each issue
5. Suggest improvements with concrete examples
6. Ensure that the documentation aligns with the actual behavior of the code
Return feedback that helps developers maintain a clean, readable, and maintainable codebase.
"""

arguments = [
    { name = "target_branch", type = "string", required = false, default = "main", description = "Branch to compare changes against" },
    { name = "severity_threshold", type = "string", required = false, default = "medium", description = "Minimum severity level to report (low, medium, high, critical)" },
    { name = "include_suggestions", type = "boolean", required = false, default = true, description = "Include improvement suggestions" },
    { name = "focus_areas", type = "string", required = false, description = "Comma-separated focus areas (docstrings, comments, naming)" },
    { name = "exclude_files", type = "string", required = false, description = "Comma-separated list of file patterns to exclude from analysis" }
]

tools = ["qodo_merge", "git", "filesystem"]
execution_strategy = "act"

output_schema = """
{
  "type": "object",
  "properties": {
    "summary": {
      "type": "object",
      "description": "High-level summary of documentation and naming quality issues found",
      "properties": {
        "total_issues": {"type": "number", "description": "Total number of issues identified"},
        "critical_issues": {"type": "number", "description": "Number of issues categorized as critical"},
        "high_issues": {"type": "number", "description": "Number of high severity issues"},
        "medium_issues": {"type": "number", "description": "Number of medium severity issues"},
        "low_issues": {"type": "number", "description": "Number of low severity issues"},
        "missing_docstrings": {"type": "number", "description": "Number of functions/classes missing docstrings"},
        "outdated_descriptions": {"type": "number", "description": "Number of outdated or incorrect docstrings/comments"},
        "redundant_comments": {"type": "number", "description": "Number of unnecessary or low-value comments"},
        "poor_names": {"type": "number", "description": "Number of functions, classes, or variables with unclear or inconsistent names"},
        "files_reviewed": {"type": "number", "description": "Total number of files analyzed"},
        "overall_score": {"type": "number", "minimum": 0, "maximum": 10, "description": "Overall documentation quality score (0-10)"}
      },
      "required": [
        "total_issues",
        "critical_issues",
        "high_issues",
        "medium_issues",
        "low_issues",
        "missing_docstrings",
        "outdated_descriptions",
        "redundant_comments",
        "poor_names",
        "files_reviewed",
        "overall_score"
      ]
    },
    "issues": {
      "type": "array",
      "description": "Detailed list of individual issues identified in the codebase",
      "items": {
        "type": "object",
        "properties": {
          "file": {"type": "string", "description": "Path to the file containing the issue"},
          "line": {"type": "number", "description": "Line number where the issue occurs"},
          "severity": {"type": "string", "enum": ["critical", "high", "medium", "low"], "description": "Severity level of the issue"},
          "category": {"type": "string", "description": "Category of the issue (e.g., docstring, comment, naming)"},
          "title": {"type": "string", "description": "Short title summarizing the issue"},
          "description": {"type": "string", "description": "Detailed explanation of the problem"},
          "suggestion": {"type": "string", "description": "Suggested fix or improvement"},
          "code_example": {"type": "string", "description": "Example of improved or corrected code"}
        },
        "required": ["file", "severity", "category", "title", "description"]
      }
    },
    "suggestions": {
      "type": "array",
      "description": "List of broader improvement suggestions for code cleanliness and documentation",
      "items": {
        "type": "object",
        "properties": {
          "file": {"type": "string", "description": "File path for the suggestion"},
          "type": {"type": "string", "description": "Type of suggestion (e.g., naming, docstring, structure)"},
          "description": {"type": "string", "description": "Description of the suggested improvement"},
          "implementation": {"type": "string", "description": "Recommended way to apply the suggestion"}
        },
        "required": ["file", "type", "description"]
      }
    },
    "approved": {"type": "boolean", "description": "Indicates if code meets cleanliness standards"},
    "requires_changes": {"type": "boolean", "description": "Indicates if changes are required before approval"}
  },
  "required": ["summary", "issues", "approved", "requires_changes"]
}
"""

exit_expression = "approved"

The fields of the agent file are:

Field name	Type	Description
`description`	string	Description of what your agent does. This field is required when an agent is run with `--mcp`.
`instructions`	string	Required field. Prompt for the AI models explailing the required behavior.
`arguments`	list of objects. Supported types: `'string' \| 'number' \| 'boolean' \| 'array' \| 'object'`	List of possible arguments that can be given to the agent. The arguments will be translated and forwarded to MCP servers.
`mcpServers`	string	List of MCP servers used by the agent
`tools`	list	List of MCP server names. Allows you to filter specific MCP servers that can be used by your agent
`execution_strategy`	"act" or "plan"	Plan lets the agent think through a multi-step strategy, act executes actions immediately
`output_schema`	string	Valid json of the wanted agent output
`exit_expression`	string (JSONPath)	Only applicable when `output_schema` is given. For CI runs, a condition used to determine if the agent run succeeded or failed.

Our agent accepts the following parameters:

Parameter	Type	Required	Default	Description
`target_branch`	string	No	`"main"`	Branch to compare changes against
`severity_threshold`	string	No	`"medium"`	Minimum severity to report (low/medium/high/critical)
`include_suggestions`	boolean	No	`true`	Include improvement suggestions in output
`focus_areas`	string	No	-	Comma-separated list of areas to review (docstrings, comments, naming)
`exclude_files`	string	No	-	File patterns to exclude from analysis

2️⃣ Run the agent locally
You can run this agent by passing optional arguments

# Run the agent to review code documentation
qodo clean_code_description

# Compare current changes against the main branch
qodo clean_code_description --target_branch=main

# Focus only on docstrings and naming issues
qodo clean_code_description --focus_areas=docstrings,naming

With Advanced Configuration

qodo clean_code_description \
  --target_branch=develop \
  --severity_threshold=medium \
  --focus_areas=docstrings,comments,naming \
  --exclude_files="tests/*,*.md" \
  --include_suggestions=true

3️⃣ Output Format

The agent returns structured JSON output:

{
  "summary": {
    "total_issues": 8,
    "critical_issues": 0,
    "high_issues": 3,
    "medium_issues": 4,
    "low_issues": 1,
    "files_reviewed": 5,
    "overall_score": 7.8,
    "missing_docstrings": 3,
    "outdated_descriptions": 2,
    "redundant_comments": 2,
    "poor_names": 1
  },
  "issues": [
    {
      "file": "src/utils/formatter.py",
      "line": 12,
      "severity": "medium",
      "category": "docstring",
      "title": "Missing function docstring",
      "description": "The function `format_name` lacks a docstring, making its behavior unclear.",
      "suggestion": "Add a concise docstring describing the purpose and parameters.",
      "code_example": "\"\"\"Format the input name by capitalizing each word.\"\"\""
    }
  ],
  "suggestions": [
    {
      "file": "src/models/user.py",
      "type": "naming",
      "description": "Rename variable `usrObj` to `user` for clarity",
      "implementation": "Use descriptive names that reflect purpose instead of type"
    }
  ],
  "approved": false,
  "requires_changes": true
}

Here is the full demo video 👇

Now, The most common way to use this agent is through GitHub Actions to automatically review pull requests.

Let's create a github-action file for it.

GitHub Actions

name: Clean Code Description Agent
on:
  pull_request:
    branches: [main, develop]

jobs:
  clean-code:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      checks: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Clean Code Description Agent
        uses: qodo-ai/command@v1
        env:
          QODO_API_KEY: ${{ secrets.QODO_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          prompt: clean_code_description
          agent-file: path/to/agent.toml
          key-value-pairs: |
            target_branch=${{ github.base_ref }}
            focus_areas=docstrings,comments,naming
            severity_threshold=medium
            include_suggestions=true

Now every PR gets auto-reviewed by the agent ✅

🎯 Final Thoughts

Qodo Command is more than a CLI tool, it’s a new way to bring AI into engineering workflows:

👨‍💻 Runs locally like a dev tool
🛠 Acts inside CI/CD like a teammate
✅ Enforces your own engineering rules
🧠 Fully customizable AI agents (no servers needed)

With this setup, your repo has a Documentation Guardian watching every PR.

You can visit the agent repository which contains agents implementations examples.

Thank You!!🙏

Thank you for reading this far. If you find this article useful, please like and share this article. Someone could find it useful too.💖

Connect with me on X, GitHub, LinkedIn

Kiran NaragundFollow

Tech Writer and Moderator @DEV ✦ Full-Stack Developer ✦ Mentor @Exercism ✦ Open-Source Contributor ✦ Email for Collabs :)