SShortSingh.
Back to feed

AI code writer and reviewer both missed a one-letter bug that broke production deploy

0
·1 views

A developer using Claude Opus to refactor a cron job helper found that both the AI writing the code and the AI reviewing it approved a change containing a critical module-system mismatch. The bug stemmed from naming a new helper file with a .mjs extension, which forced ES module semantics and caused a ERR_REQUIRE_ESM crash when the deployed environment loaded it via CommonJS require(). All local checks, including syntax validation and unit tests, passed cleanly because the incompatibility only surfaces at the deployed runtime's module resolution layer. A sibling file in the same directory contained a comment explicitly documenting the CommonJS-versus-ESM distinction, yet neither AI consulted it. The incident highlights that layering multiple AI reviewers does not expand verification coverage if both tools share the same blind spots in scope.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Choose AI Coding Models by Delegation Level, Not Raw Intelligence

A commentary piece argues that highly autonomous AI coding tools like Fable and Claude Opus may not suit engineers who have strong, established development preferences. The author draws on Simon Willison's observations to suggest that experienced developers often prefer steering a mid-tier model like Sonnet closely, rather than delegating broad decisions to a flagship model. The piece uses a manual-versus-automatic car analogy to illustrate how personal coding style influences which type of AI tool feels most natural. For developers without a fixed workflow, or those tackling large implementation tasks, delegating broadly to an autonomous model can be more efficient. The key takeaway is that model selection should be based on how much control a developer wants to retain over the development process, not simply on which model is most capable.

0
ProgrammingDEV Community ·

DevNestio Adds 5 Free Browser-Based Tools for GraphQL, Docker, and Email Analysis

A developer has released five new browser-based utilities on DevNestio, a platform that now hosts 172 free developer tools. The new additions include a GraphQL formatter, a Protobuf validator, a Docker Compose validator, a Dockerfile analyzer, and an email header analyzer. All tools require no sign-up, no file uploads, and function entirely offline using vanilla JavaScript in single HTML files. Each tool is designed for quick, in-browser checks — such as catching Dockerfile security issues, validating docker-compose configurations, or triaging suspicious emails via SPF, DKIM, and DMARC analysis. The project uses no external parsing libraries and includes over 80 Node.js assert tests to verify core logic independently of the browser.

0
ProgrammingDEV Community ·

GitHub Copilot Enterprise managed-settings.json Reaches General Availability

GitHub moved its enterprise managed-settings.json configuration feature to general availability on July 1, giving GitHub Enterprise Cloud administrators a single JSON file to centrally control Copilot behaviour in VS Code and the Copilot CLI. The file supports five documented settings covering plugin marketplace trust, enabled plugins, strict marketplace enforcement, bypass-permission mode, and model selection for users on Copilot Business or Enterprise seats. It is stored in the .github-private repository of a designated organization and can be configured via the AI Controls tab in enterprise settings or through an API endpoint. Copilot clients fetch the file on every authentication and refresh it hourly, with the server-side policy taking precedence over any local user configuration. A backward-compatible path at .github/copilot/settings.json remains available for organizations already using the older layout.

0
ProgrammingHacker News ·

Writers Warned of Rising Book Club and Book Review Scams

A new alert published on September 19, 2025, by the Writer Beware blog cautions authors about a resurgence of scams targeting the publishing community. The schemes involve fraudulent book clubs and fake book review offers, echoing the tactics of classic advance-fee fraud. Scammers typically pose as legitimate literary organizations to lure writers with promises of exposure or sales. Authors are advised to scrutinize unsolicited offers carefully before engaging or sharing personal and financial information.