AI-Augmented Engineering
AI coding tools — Claude Code, Gemini CLI — are not a shortcut around engineering judgement. They are a force multiplier for engineers who already have it. The difference is knowing what good code looks like before asking for it.
Claude Code
Agentic coding in the terminal
Gemini CLI
AI-assisted reasoning and code review
Human Evaluation
Security, architecture, correctness
Method
Working with AI tooling productively means holding the full technical architecture in mind before a single prompt is written. The system design, data boundaries, security model, and deployment constraints are all established first. The AI then fills in components within that plan; it is not a substitute for one.
Each component is evaluated before it is merged. That evaluation covers correctness, security, performance, and whether it fits cleanly into the surrounding system. Code that passes a test but introduces an IDOR vulnerability or leaks session state does not pass a review.
Data model, service boundaries, auth patterns, and deployment topology are fixed before any code is generated. The AI works inside a plan, not around the absence of one.
Prompts are scoped tightly — one endpoint, one module, one migration at a time. Loose prompts produce loose code. Precision at the prompt level keeps the output reviewable and replaceable.
Every generated component is read, not just run. SQL injection surfaces at review, not in production. Insecure defaults — open CORS, hardcoded secrets, unvalidated input — are caught before they reach a deploy.
CI/CD pipelines, automated tests, and infrastructure-as-code keep the delivery loop tight. What is shipped is production-grade — not a prototype left running indefinitely.
The Evaluation Layer
AI tools generate plausible code. They do not generate secure code by default. The difference is whether the person directing them understands what the output should look like — and can identify where it does not.
Security comes from understanding the OWASP Top 10 attack classes, being able to read authentication flows, and recognising when an ORM is bypassed in a way that opens injection. That knowledge does not come from the AI. It comes before it.
Auth & Access Control
JWT patterns, session boundaries, and RBAC reviewed on every backend component
SQL & Injection
ORM usage audited; raw query patterns flagged and parameterised before merge
Secrets & Config
Environment variable discipline enforced; no hardcoded credentials reach the repository
Input Validation
All external inputs validated at system boundaries; frontend assumptions never trusted on the backend
Built with AI Tooling
Production software directed with Claude Code and Gemini CLI, from architecture to deployment.
CRM · PropTech · Renewable Energy
A map-based CRM built for renewable energy and property developers. Pipelines, contacts, and site data are managed directly on an interactive map — making spatial context central to the sales workflow, not an afterthought.
Personal Website · Open Source
This website. Built in TypeScript with Vite and Tailwind CSS, deployed via CI/CD to GitHub Pages. Designed and directed from scratch using Claude Code — a working proof of the method described on this page.
Open Source · Go · Transit
An open-source Go library and tool to explore GTFS public transit models on a map. Designed to be intuitive for planners and engineers alike — clean API, zero unnecessary dependencies, published on pkg.go.dev.
Collaborate
Whether you need a map-based application, a data pipeline, or a robust API — built quickly, correctly, and securely — get in touch.
upsutan@gmail.com