Articles on The Culture of Code

Higher-Order Attacks on AI Code Agents

Mon, 06 Apr 2026 00:00:00 +0000

Direct prompt injection is just the beginning. Higher-order attacks manipulate agents into producing malicious code, propagating intent across systems, and persisting vulnerabilities long-term.

When Your AI Code Agent Becomes an RCE Engine

Sun, 05 Apr 2026 21:00:00 +0300

If your AI code agent treats repository content as instructions, any contributor can execute commands. This article maps the direct injection attack surface and practical defenses.

Javable: generate Java-friendly wrappers for Kotlin with KSP

Sat, 21 Mar 2026 00:00:00 +0000

Javable is a KSP2 processor that generates Java-friendly wrappers for Kotlin classes, turning suspend functions into CompletableFuture, Flow into Stream, and handling CoroutineScope lifecycle automatically.

kotlinx-schema: Three Ways to Generate JSON Schemas from Kotlin Code

Wed, 18 Mar 2026 00:00:00 +0000

Every time you rename a Kotlin function parameter, the hand-written JSON schema your LLM reads is wrong — and it fails silently. kotlinx-schema derives the schema from your Kotlin types directly, via three strategies that cover runtime and compile-time generation across all Kotlin Multiplatform targets.

Mokksy: a mock server that actually streams — and why your AI app needs integration tests

Sat, 28 Feb 2026 00:00:00 +0000

Why unit tests alone won’t save your LLM application in production, and how Mokksy — a Kotlin mock server with true SSE and streaming support — fills the gap that WireMock leaves wide open.

Open source deserves better than 'Move Fast'

Mon, 09 Feb 2026 00:00:00 +0000

Open-source libraries may power critical systems where failures have severe consequences. AI tools now eliminate the excuse of insufficient testing time, but engineers must own the final quality decision.

Introducing Kotlinx-schema: generate JSON Schema from Kotlin types and functions

Fri, 30 Jan 2026 00:00:00 +0000

Generate JSON Schema for Kotlin Multiplatform models and API functions, so your schema stays in sync with your code.

Weekend hack: Kotlin Symbol Processing Maven plugin

Sun, 16 Nov 2025 00:00:00 +0000

KSP only works with Gradle, leaving Maven users out in the cold. I built ksp-maven-plugin to fix that - minimal setup, auto-discovers processors, integrates with Maven’s lifecycle. Now you can use KSP-powered libraries like Room, Moshi, and Dagger in your Maven projects.

The cookie story: when build failures became sweet accountability

Sat, 19 Jul 2025 00:00:00 +0000

A deceptively simple rule transforms a chaotic development team: break the build, buy cookies. What starts as lighthearted motivation evolves into a psychological experiment in collective responsibility and technical excellence. Twelve developers, one trunk, zero tolerance for broken builds—watch as pair programming sessions intensify, commits shrink to surgical precision, and a team discovers that the path to engineering perfection is paved with chocolate chips and mutual accountability. Sometimes the most profound transformations begin with the smallest consequences.

LLM evaluation testing with promptfoo: a practical guide

Fri, 06 Jun 2025 00:00:00 +0000

This article shows how to implement automated testing for LLM applications using promptfoo with a real application server, addressing the challenge that traditional testing methods fail with non-deterministic AI responses. The guide demonstrates testing conversation memory, tool integration, content moderation, and performance using a financial chatbot built with Quarkus and LangChain4j.

Contract-first vs. code-first development: why API contracts matter from day one

Sat, 12 Apr 2025 00:00:00 +0000

Discover why starting with API contracts first—not code—leads to clearer, more maintainable microservices. Learn the differences between contract-first and code-first approaches, common pitfalls to avoid, and why even small teams building alpha products benefit from clearly defined interfaces from day one. Get practical workflow tips and see how this approach can dramatically reduce integration headaches as your system grows.

From monoliths to AI proxies: real-world strategy for testing and evolving LLM integrations

Mon, 18 Nov 2024 00:00:00 +0000

Integrating Large Language Models (LLMs) into production systems presents unique architectural, testing, and operational challenges. This article shares practical insights and solutions from real-world experience integrating LLMs into a customer interaction platform. It covers the evolution from a monolithic to a more modular AI Proxy architecture pattern, strategies for testing, deploying and monitoring LLMs, and the emerging Model Context Protocol (MCP) standard. Application developers and software architects will learn proven practices to build robust, reliable and responsible LLM-powered systems.

Kotlin extensions for LangChain4j

Sat, 09 Nov 2024 00:00:00 +0000

Discover Kotlin extensions for LangChain4j designed to transform the synchronous LangChain4j API into a modern, non-blocking experience with Kotlin Coroutines. Learn about key features including coroutine support for ChatLanguageModels, Kotlin Flow for streaming responses, external customizable prompt templates, and non-blocking document processing. Enhance your Kotlin programming skills and improve application efficiency by leveraging these powerful new tools.

Keeping your software healthy: the critical role of dependency updates

Sat, 13 Apr 2024 00:00:00 +0000

Discover best practices for effective dependency management in software development and learn strategies to keep your projects secure, efficient, and free of technical debt. This comprehensive guide covers the critical importance of regularly updating dependencies, utilizing automated tools and processes to streamline dependency management, fostering a culture of proactive updates through incentives and education, and implementing organization-wide dependency management strategies at scale. Whether you’re an application developer, software architect, or engineering manager, this article provides actionable insights to help you master dependency updates and ensure your software stays healthy and high-performing.

Spring Boot starters

Mon, 08 Apr 2024 00:00:00 +0000

This post discusses Spring Boot Starters and their importance to developers, who want to make the setup and configuration of Spring Boot applications a whole lot easier. It keeps dependencies organized, increases development speed, and grants you numerous options for customization and extension. This basically makes them indispensable in building all manner of applications with Spring Boot - from simple web applications to data access and security services. I showcase, with a practical example, how to create a custom Spring Boot Starter that consolidates logging configurations and standard dependencies across microservices. This guide provides step-by-step instructions on how to create and use a custom starter.

Code review best practices

Tue, 21 Sep 2021 00:00:00 +0000

Code review is a crucial practice in software development. One can design and write great software, but we are humans after all. And all humans make mistakes, so another pair of eyes is always helpful.

The review process might seem straightforward, but there are useful tips to make it less painful is some cases.

Running Testcontainers on dynamic ports

Mon, 13 Apr 2020 00:00:00 +0000

Running integration tests locally with Docker can be challenging when fixed ports are unavailable due to conflicts. This issue is compounded in shared CI environments where multiple workers are in use. However, using testcontainers can help overcome these obstacles by enabling the startup of Docker containers that listen on random ports.

Kotlin Playground shortcode for Hugo

Sat, 11 Apr 2020 00:00:00 +0000

Kotlin Playground is HTML component which creates Kotlin-aware editors capable of running code from HTML block elements. Here I explain how to embed runnable Kotlin code block in your Hugo-powered blog.

Spring Boot configuration best practices

Fri, 05 Jul 2019 13:59:34 +0000

Spring Boot comes with very neat configuration mechanism. Default application configuration is defined in one configuration file and environment specific setting in separate files. But still, this mechanism is often not used properly resulting in verbose and unmaintainable configurations.

What happens when you split systems into many microservices

Fri, 15 Feb 2019 00:00:00 +0000

Moving from monolithic applications into microservices is current trend in software design. Let’s identify some pros and cons of both architectures and challenges one may face during the system transformation.

Building data pipeline with Kotlin coroutines actors

Wed, 30 Jan 2019 00:00:00 +0000

This blog post demonstrates how to build a data processing pipeline using Kotlin coroutines and actors, showing both single-threaded and parallel implementations. It walks through creating a simple data pipeline using Kotlin’s channel and actor abstractions for clean concurrent programming. The post includes practical code examples of handling message passing between actors, managing thread pools, implementing back-pressure, and scaling from a basic sequential pipeline to a parallel version that processes data more efficiently. The explanation is backed by detailed logging output that illustrates how messages flow through the system and how parallel processing improves overall performance.

Applying courage in software development

Wed, 23 Jan 2019 00:00:00 +0000

Job is not a place for feats. But sometimes you have to be brave to overcome and complete that others considered impossible.

How does new Oracle JVM licensing encourage agility

Tue, 23 Oct 2018 00:00:00 +0000

Oracle’s revised JDK policy requires companies to update Java every 6 months to maintain free security patches, since only short-term OpenJDK builds remain free for production use. This pushes organizations to automate testing and embrace more frequent deployments, as manual testing of bi-annual updates would be too costly. The article suggests this change naturally leads companies toward shorter release cycles and faster market adaptation.

Common Java application anti-patterns and their solutions

Fri, 19 Oct 2018 00:00:00 +0000

Software projects often run into trouble when developers mix different code layers together. The article explains how this leads to rigid, brittle code that’s hard to update and reuse. Software architecture problems are examined through biological cell analogies. A practical guide follows for improving existing systems without full rewrites, focusing on testing, API design, and gradual changes.

Customizing REST API Error Response in Spring Boot / Spring-Security-OAuth2

Thu, 28 Jun 2018 00:00:00 +0000

Defining error format is important part of REST API design.

Spring-Boot and Spring Security provide pretty nice error handling for RESTful APIs out of the box. Although it has to be documented, especially when contract-first approach to API design is used.

It is good idea to follow some common format for error responses. But OAuth2 specification and Spring Boot format may not satisfy those requirements.

The Programmers Oath

Sat, 08 Jul 2017 00:00:00 +0000

A must-see speech by Robert “Uncle Bob” Martin on programmers responsibilities in digital world and 9 principles every programmer should follow (“The Coders’ Code”).

Logging policy

Tue, 28 Mar 2017 00:00:00 +0000

There are different points of view on how logging levels should be used in code. I will share mine.

My assumption is: “There should be no errors in logs when everything is fine.”

Maximizing efficiency with UI-first development: a client-centric approach to project success

Tue, 07 Mar 2017 08:48:34 +0000

One of the challenges for start-ups or any new project is to reduce the amount of work while still delivering a full-featured product. Agile methodologies address this challenge on the project management level. Let’s discuss another approach to address it on the architecture level: UI-first development.

How to Start Testing UI Before Backend is Ready

Thu, 23 Feb 2017 00:00:00 +0000

Testing web UIs before the backend is ready: create UI mockups first using fake data, turn them into a functional prototype, test thoroughly, then build the backend to match the UI data contract. Integrate frontend and backend at the end. Works for single-page apps and multi-page sites.

Developing in "dirty trunk"

Fri, 04 Mar 2016 22:26:24 +0000

The “dirty trunk” branching strategy involves committing directly to the main branch, with CI builds triggered on each commit. While simple, it requires discipline and quick fixes to maintain build stability. The article discusses pros, cons, and best practices for this approach.

Secure Java coding best practices

Sat, 01 Aug 2015 00:00:00 +0000

Making your web application flawless against security attacks is a challenge for every java developer. In this article I will briefly describe common practical development techniques that can help you to achieve it.

Secure Java logging with Logback

Sun, 26 Jul 2015 14:01:33 +0000

Deploying application into secure environment adds some restrictions on logging and log management. OWASP community gives some useful recommendations.

Implementing Automatic Reconnection for Netty Client

Wed, 08 Jul 2015 07:48:05 +0000

One of the first requirement of Netty ISO8588 client connector is the support for automatic reconnect.

One of the first receipts I came across was Thomas Termin’s one. He suggests adding a ChannelHandler which will schedule the calling of client’s connect() method once a Channel becomes inactive. Plus adding ChannelFutureListener which will re-create a bootstrap and re-connect if initial connection was failed.

Although this is a working solution, I had a feeling that something is not optimal. Namely, the new Bootstrap is being created on every connection attempt.

So, I created a FutureListener which should be registered once a Channel is closed.