Advanced20 min1 prerequisite

Scale AI development across teams with governance, standardization, and best practices.

Enterprise Patterns

Learn how to implement AI development at scale, with governance frameworks, team standards, and organizational best practices.

Scaling Challenges

Individual vs Team AI Usage

Terminal
Individual Developer:
- Personal tool preferences
- Ad-hoc prompt styles
- Inconsistent outputs

Enterprise Team:
- Standardized tooling
- Shared prompt libraries
- Consistent code quality

Key Concerns at Scale

Terminal
Security:
- Code review for AI output
- Sensitive data exposure
- Supply chain risks

Quality:
- Consistency across team
- Technical debt accumulation
- Testing coverage

Compliance:
- License considerations
- Audit trails
- Regulatory requirements

Governance Framework

Tool Selection Policy

Terminal
# AI Tool Governance Policy

## Approved Tools
- **Code Generation**: Cursor (Pro tier), GitHub Copilot (Business)
- **Prototyping**: Lovable (Team plan), v0 (Pro)
- **CLI Agents**: Claude Code (with approved API keys)

## Approval Process
1. Security review of tool's data handling
2. Legal review of terms of service
3. IT approval for enterprise features
4. Training requirements completion

## Prohibited Uses
- Production secrets in prompts
- Customer PII in any AI context
- Code generation without review

Prompt Standards

Terminal
# Team Prompt Guidelines

## Required Context
All prompts must include:
- Technology stack versions
- Relevant coding standards reference
- Security requirements note

## Example Template
"""
[Context]
Next.js 15, TypeScript 5.3, our coding standards in .cursorrules

[Task]
Create a user profile component...

[Constraints]
- Follow existing patterns in components/
- Include error handling
- Add TypeScript types
"""

Team Configuration

Shared Cursor Rules

Terminal
# .cursorrules (committed to repo)

# Project Context
This is an enterprise SaaS application built with:
- Next.js 15 App Router
- TypeScript strict mode
- Tailwind CSS with custom design tokens
- Supabase for backend

# Coding Standards
- All components must have TypeScript interfaces
- Use named exports, not default exports
- Include JSDoc comments for public APIs
- Error boundaries around async components
- No inline styles; use Tailwind classes

# Security Requirements
- Sanitize all user inputs
- Use parameterized queries only
- Implement rate limiting on APIs
- Log security-relevant events

# Testing Requirements
- Unit tests for utility functions
- Integration tests for API routes
- E2E tests for critical user flows

# File Organization
components/           # Reusable UI components
  ui/                 # shadcn/ui components
  features/           # Feature-specific components
lib/                  # Utilities and helpers
app/                  # Next.js app router pages

GitHub Copilot Configuration

Terminal
// .github/copilot-settings.json
{
  "enabledLanguages": {
    "typescript": true,
    "javascript": true,
    "markdown": true
  },
  "enabledFeatures": {
    "codeCompletion": true,
    "docGeneration": true,
    "testGeneration": true
  },
  "contextFiles": [
    ".cursorrules",
    "tsconfig.json",
    "CODING_STANDARDS.md"
  ]
}

Code Review Process

AI-Generated Code Review Checklist

Terminal
## AI Code Review Checklist

### Security
- [ ] No hardcoded secrets or credentials
- [ ] Input validation present
- [ ] SQL injection prevention
- [ ] XSS prevention measures
- [ ] Proper authentication checks

### Quality
- [ ] Follows project patterns
- [ ] Types are properly defined
- [ ] Error handling is comprehensive
- [ ] No unnecessary complexity
- [ ] Performance considerations

### Testing
- [ ] Unit tests added/updated
- [ ] Edge cases covered
- [ ] Mocks are appropriate

### Documentation
- [ ] Code comments where needed
- [ ] API documentation updated
- [ ] Changelog entry added

Automated Review Gates

Terminal
# .github/workflows/ai-code-review.yml
name: AI Code Review

on: [pull_request]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Check for potential secrets
      - name: Secret Scanner
        uses: trufflesecurity/trufflehog@main

      # Static analysis
      - name: Run ESLint
        run: npm run lint

      # Type checking
      - name: TypeScript Check
        run: npx tsc --noEmit

  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # AI-assisted code review
      - name: AI Review Bot
        uses: your-org/ai-review@v1
        with:
          focus: |
            - Security vulnerabilities
            - Performance issues
            - Deviation from patterns

Knowledge Management

Prompt Library

Terminal
Organize team prompts:

prompts/
├── components/
   ├── form-component.md
   ├── data-table.md
   └── modal-dialog.md
├── api/
   ├── crud-endpoint.md
   ├── auth-middleware.md
   └── webhook-handler.md
├── testing/
   ├── unit-test.md
   ├── integration-test.md
   └── e2e-test.md
└── refactoring/
    ├── class-to-hooks.md
    └── add-typescript.md

Example Prompt Template

Terminal
# Form Component Prompt

## Usage
Generate form components with validation

## Template
"""
Create a [form type] form with these fields:
[list fields with types]

Requirements:
- Use react-hook-form with Zod validation
- shadcn/ui form components
- Show inline validation errors
- Loading state on submit
- Toast notification on success/error

Follow the pattern in components/forms/LoginForm.tsx
"""

## Example
"""
Create a user profile form with these fields:
- name (string, required, max 100 chars)
- email (email, required)
- bio (string, optional, max 500 chars)
- avatar (file upload, optional, max 5MB)

Requirements:
- Use react-hook-form with Zod validation
...
"""

Pattern Documentation

Terminal
# Pattern: API Route with Validation

## Description
Standard pattern for API routes with input validation,
error handling, and response formatting.

## Implementation
\`\`\`typescript
import { NextRequest } from 'next/server'
import { z } from 'zod'

const schema = z.object({
  // Define input schema
})

export async function POST(request: NextRequest) {
  try {
    const body = await request.json()
    const validated = schema.parse(body)

    // Business logic here

    return Response.json({ success: true, data })
  } catch (error) {
    if (error instanceof z.ZodError) {
      return Response.json(
        { success: false, errors: error.errors },
        { status: 400 }
      )
    }
    console.error('API Error:', error)
    return Response.json(
      { success: false, error: 'Internal error' },
      { status: 500 }
    )
  }
}
\`\`\`

## When to Use
- All API routes that accept user input
- Any endpoint that modifies data

Training & Onboarding

Developer Onboarding Checklist

Terminal
# AI Tools Onboarding

## Week 1: Foundation
- [ ] Complete company AI policy training
- [ ] Install approved tools (Cursor, Copilot)
- [ ] Configure with team settings
- [ ] Review prompt library
- [ ] Shadow senior developer using AI tools

## Week 2: Practice
- [ ] Complete 3 guided exercises
- [ ] First AI-assisted PR (with review)
- [ ] Review AI-generated code patterns
- [ ] Learn debugging AI output

## Week 3: Independence
- [ ] Independent AI development
- [ ] Contribute to prompt library
- [ ] Peer review AI-generated code

Skill Levels

Terminal
Level 1 - Novice:
- Basic completions
- Simple prompts
- Always requires review

Level 2 - Practitioner:
- Multi-file operations
- Context management
- Peer review AI code

Level 3 - Expert:
- Complex refactoring
- Custom prompt engineering
- Mentors others
- Reviews AI guidelines

Metrics & Monitoring

Productivity Metrics

Terminal
Track (carefully):
- Time from task start to PR
- Code review iteration count
- Bug rate in AI-assisted code

Avoid:
- Lines of code generated
- AI usage frequency
- Prompts per day

Quality Metrics

Terminal
# Quality Dashboard Metrics

code_quality:
  - test_coverage_percentage
  - type_coverage_percentage
  - lint_error_rate
  - security_vulnerability_count

ai_specific:
  - ai_code_review_rejection_rate
  - ai_generated_bug_rate
  - pattern_compliance_score

Security Considerations

Data Classification

Terminal
Never send to AI tools:
- Production credentials
- Customer PII
- API keys
- Internal IP addresses
- Security configurations

Safe to include:
- Sanitized code samples
- Public documentation
- Generic patterns
- Test/mock data

Audit Trail

Terminal
// Log AI tool usage for audit
interface AIUsageLog {
  timestamp: Date
  developer: string
  tool: string
  action: 'completion' | 'generation' | 'refactor'
  filesAffected: string[]
  // Never log actual prompts with sensitive data
  promptCategory: string
}

Summary

Enterprise AI patterns:

  • Governance: Clear policies and approved tools
  • Standards: Shared rules and prompt templates
  • Review: AI-specific review checklists
  • Knowledge: Centralized prompt libraries
  • Training: Structured onboarding programs
  • Metrics: Track quality, not quantity
  • Security: Data classification and audit trails

Next Steps

Learn about optimizing AI-generated code for production performance.

Mark this lesson as complete to track your progress