The most dangerous output is confident wrong code
Wrong code with hesitation? You investigate.
Wrong code delivered like a staff engineer wrote it? You merge — and meet prod at 2 a.m.
Hall of fame (things we've seen)
| Fiction | Reality check |
|---|---|
useServerAction() | Does it exist in your Next version? Cmd+click it |
@auth/helpers-v99 | Search npm — package real? |
experimental.magic: true | Read next.config docs |
| "Just drop the users table" | Read the migration SQL |
Env var STRIPE_WEBHOOK_SECRET set in chat | Is it in Vercel? |
The 30-second smell test
Before any AI-generated merge:
- Import exists — IDE navigation, not trust
package.jsonunchanged or you intended the addpnpm buildon your machine- Would you bet ₹500 it works first try?
Three "no" answers → do not merge.
Why it lies (without mysticism)
Models predict plausible text. Plausible ≠ true for your repo, your versions, your edge cases. Training data includes outdated blog posts, abandoned APIs, and other people's hallucinations.
Defence playbook
Pin the docs
Use Next.js 15 App Router official docs only. If unsure, say "I need the doc link" — do not invent APIs.
Team "burn book"
Keep a living doc: patterns that failed twice (wrong middleware shape, fake drizzle helper, etc.). Feed it into prompts.
CI is the referee
Lint, types, build, smoke test. AI does not get a pass because it sounded smart.
Real incident shape (composite)
- AI adds auth middleware with wrong cookie name
- Works on happy path locally (cached session)
- Staging: random logouts
- Root cause: middleware never ran on matcher — copy-paste from outdated tutorial
Fix time: 20 minutes. Ego damage: optional.
TL;DR
Skepticism is a core skill in 2026. Read the diff. Run the build. Bet small before you bet prod.
Next: AI in my editor
From the notebook
Building something? Let's ship it.
MVPs, AI-assisted dev, web & mobile — founder-led team in Delhi. Tell us what you're making.
Keep reading
All articlesExplore Quezt Labs