AI Coding Workflow
From a single idea to ongoing operations, AI coding isn't one-and-done — it's a loop across 4 phases and 12 stages. Each stage spells out why it matters, what to do, the common pitfall, and what you walk away with.
Next: how to work with the AI (collaboration playbook) →Plan
Think before you build — turn a fuzzy idea into a plan AI can execute.
- 1
Idea
Nail down what problem you solve and for whom — one sentence if you can.
- Why it matters
- If the direction is wrong, all the work after it is wasted — confirm it is worth building before you start.
- What to do
- Write one sentence — for whom, solving what — clear enough that a friend gets it.
- Common pitfall
- Cramming ten features in at once, so nothing ever gets finished.
- What you get
- A product pitch you can state in one sentence.
- 2
Spec
Break the idea into concrete features and rules so AI knows what “done” means.
- Why it matters
- AI only does what you say; when it is vague it guesses — and you usually find out too late.
- What to do
- List the core features, the user flow, and what is out of scope — hand it to AI as the brief.
- Common pitfall
- Treating wishes as specs, with no definition of done.
- What you get
- A feature list with acceptance criteria.
- 3
Architecture
Decide how frontend, backend and database fit together — draw before you build.
- Why it matters
- Decide how the pieces fit first, so later changes do not ripple through everything.
- What to do
- Ask AI to diagram how frontend, backend and database connect — understand it before moving on.
- Common pitfall
- Coding before the shape is clear, then hitting a wall when the architecture cannot hold.
- What you get
- An architecture diagram and your tech choices.
- 4
Planning
Slice work into small steps so AI focuses on one thing at a time.
- Why it matters
- Hand AI one giant task and it loses focus; small steps keep it precise.
- What to do
- Break features into small tasks that each finish and verify on their own.
- Common pitfall
- Steps too big and interdependent, so one blocker stalls them all.
- What you get
- An ordered checklist of tasks.
Build
AI writes, you steer — produce code that runs and reads clearly.
- 5
Implementation
AI writes the code to plan; you steer direction and add context.
- Why it matters
- This is where AI is strongest — but keeping the direction right is on you.
- What to do
- Give one task at a time, watch it write, add context on the fly, redo when it is off.
- Common pitfall
- Accepting AI’s code wholesale and moving on without understanding it.
- What you get
- Feature code that actually runs.
- 6
Code Review
Have another AI (or you) check the logic and maintainability.
- Why it matters
- “It runs” is not “it is well-built” — skip the check now and you owe it to future-you.
- What to do
- Have a second AI (or you) go segment by segment: is this right, is it maintainable?
- Common pitfall
- Checking only for bugs, never for readability or how easily it changes.
- What you get
- Cleaned-up code you can actually read.
Verify
The gates before launch — security, contracts, and tests, one by one.
- 7
Security Review
Hunt for holes: authz, input validation, secret leaks — required before launch.
- Why it matters
- A single hole can leak user data — this is the last line of defense before launch.
- What to do
- Ask AI to specifically check permissions, input validation, and secrets hardcoded into the code.
- Common pitfall
- Assuming “nobody would attack my little project” and skipping it entirely.
- What you get
- A list of holes, each with its fix.
- 8
Contract Validation
Confirm frontend and backend agree on data shapes so they actually connect.
- Why it matters
- When frontend and backend disagree on data shapes, the UI fails to connect and throws errors.
- What to do
- Confirm both sides agree on the fields sent and received — ideally sharing one schema.
- Common pitfall
- Each side coding alone, only to find names and types do not line up at integration.
- What you get
- One data contract both sides honor.
- 9
Integration Test
Wire the parts together and test them as a whole.
- Why it matters
- Each part works alone; together is no guarantee — you only know once it is wired up.
- What to do
- Have AI write tests that chain several features together along a realistic flow.
- Common pitfall
- Testing single features only, never the scenarios where they cooperate.
- What you get
- A set of integration tests that run automatically.
- 10
Runtime Test
Run it in a near-real environment and click through like a real user.
- Why it matters
- The feel and the real-environment quirks that auto-tests miss only show up when you click through by hand.
- What to do
- In a near-production environment, walk through the whole thing like a real user.
- Common pitfall
- Running it only on your own machine and assuming it must be fine.
- What you get
- A log of issues found by actually using it.
Operate
Ship and keep guarding — deploy, observe, iterate.
- 11
Deploy
Ship it live so the world can reach it (this site uses Cloudflare Pages).
- Why it matters
- Until it is live, nobody can reach it — deploy is what puts your work in users’ hands.
- What to do
- Pick a host (this site uses Cloudflare Pages), set up the domain and environment variables, then ship.
- Common pitfall
- Shipping with passwords and keys hardcoded straight into the code.
- What you get
- A public URL that outside users can reach.
- 12
Monitoring
After launch, keep watching: is it broken, is it fast, anything weird?
- Why it matters
- Launch is not the finish line — breakage, slowdowns, attacks: you should know before your users do.
- What to do
- Set up error alerts and basic metrics, check them regularly, and feed what you learn into the next round.
- Common pitfall
- Going silent after launch, so users notice the problem before you do.
- What you get
- A monitoring setup that alerts you first.