I've been experimenting with AI-native software development over the past few weeks, building a self-hosted identity platform (Auth0 alternative) called Auth9.
What's interesting: almost all code was AI-generated, and the entire development lifecycle was driven by agent skills — from Rust backend to React frontend, from test cases to deployment scripts.
But the real challenge wasn't code generation — it was verification. I built a closed-loop pipeline: AI generates structured QA test documents (with SQL validation), humans review them, AI executes them via browser automation + DB queries, failures become tickets, AI fixes and re-tests. Over ~20 iterations the ticket count steadily drops and the app gets more polished — much like how human engineers refine software, just faster.
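To make the loop concrete, here's a minimal sketch of its shape in Python. Everything here is illustrative: the real pipeline drives a browser and a live database, while this stub collapses "execute test" into a placeholder function, and the `TestCase` fields and `closed_loop` helper are hypothetical names, not Auth9's actual code.

```python
# Hypothetical sketch of the closed-loop QA pipeline (stubbed, not the real Auth9 code).
from dataclasses import dataclass

@dataclass
class TestCase:
    name: str
    steps: list[str]   # UI actions the agent would perform via browser automation
    sql_check: str     # validation query run against the DB after the steps

def execute(case: TestCase, fixes: set[str]) -> bool:
    # Stub: in reality this runs the browser steps and the SQL check;
    # here a case passes once a fix for it has been applied.
    return case.name in fixes

def closed_loop(cases: list[TestCase], max_iters: int = 20) -> list[int]:
    """Run the generate -> execute -> ticket -> fix -> re-test loop.

    Returns the ticket count per iteration, which should shrink over time."""
    fixes: set[str] = set()
    tickets_per_iter = []
    for _ in range(max_iters):
        tickets = [c for c in cases if not execute(c, fixes)]
        tickets_per_iter.append(len(tickets))
        if not tickets:
            break
        # "AI fixes" one ticket per iteration, then the loop re-tests everything.
        fixes.add(tickets[0].name)
    return tickets_per_iter
```

The point of the sketch is the loop structure, not the stubs: every iteration re-runs the full suite, so a fix that breaks something else shows up as a new ticket rather than slipping through.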
I chose identity/access management as the test subject because it's complex enough to stress-test the methodology — real security requirements, multi-system coordination, and state complexity that manual testing can't cover.
As a tech lead who values extreme programming practices, I found that many XP risk management techniques — TDD, continuous integration, pair review — can be adapted for managing AI agents.
Detailed writeup: https://github.com/gpgkd906/auth9/blob/main/docs/blog-ai-nat...