Best Programming Practices for Clean Code

I am an Engineering Manager working at Google with almost 20 years of experience. If I could sit down with a Jr. Software Engineer, here are 11 good pieces of advice I would tell them that I learned through my experiences… 1// If your app only serves around 10 users, a single server and a basic REST API will do the job. But if you’re handling 10 million requests a day, you need to start thinking about load balancers, autoscaling, and rate limiting. 2// If only one developer is building features, you can skip the ceremonies and just ship and test manually. But if you have 10 developers pushing code daily, it’s time to invest in CI/CD pipelines, multiple testing layers, and feature flags. 3// If a bit of downtime just breaks a single page, adding a banner and moving on is usually enough. But if downtime kills a key business flow, redundancy, health checks, and graceful fallbacks are absolutely necessary. 4// If you’re just consuming APIs, make sure you know how to handle errors like 400s and 500s. If you’re building APIs for others, you need to version them, document everything, test thoroughly, and set up proper monitoring. 5// If your product can tolerate a few seconds of lag, always pick code clarity over squeezing out a little more performance. But if users are waiting on every click, profiling, caching, and edge delivery need to become a part of your daily work. 6// If your data easily fits in RAM, keep things simple and store it in memory using maps. But if your data spans terabytes, you have to start thinking about indexing, partitioning, and optimizing for disk access patterns. 7// If you’re coding alone, poor naming might just annoy you. But in a growing team, bad names become a ticking time bomb for everyone. 8// If you’re only fixing bugs once a week, basic logs and console prints are probably enough. But when you’re running production systems, you need structured logs, tracing, real-time alerts, and dashboards. 9// If you’re up against tight deadlines, write the simplest code that gets things working. But if the code is meant to last, focus on readability, thorough testing, and making it easy to change in the future. 10// If you’re working alone, “it works on my machine” might be good enough. But in a real team, reproducible builds and shared development setups are the bare minimum. 11// If your app is new, move fast and don’t worry too much about cleaning up right away. But once your app is stuck in maintenance hell, you’ll pay the price for every rushed decision you made in the past. People think software engineering is just about building things. It’s really about: – Knowing when not to build – Being okay with deleting good code – Balancing tradeoffs without always having all the data The best engineers don’t just ship fast. They build systems that are safe to move fast on top of.

We brought down our API response time from 100+ ms to under 10 ms by making a simple perspective shift. It all started with a performance bug we couldn’t trace for weeks. We had built a system that worked well during testing. But under load, when we started handling millions of requests, it slowed to a crawl. Response times jumped from 50ms to over 300ms. And when you're operating at scale, even a few milliseconds can hurt user experience. We check everything, Query optimization, load balancers, autoscaling. Nothing helped consistently. Then one day, I sat down to look at our database access patterns. That’s when it hit me. We were updating records. A lot. Millions of times a day. Updates are the biggest resource hogs in a database. Especially when you're touching the same record over and over. They lock rows, consume I/O, and eat CPU cycles. So we flipped our mindset. Designed for inserts, not updates. We moved to an asynchronous model, using message queues like Kafka and RabbitMQ. Instead of blocking the API until everything is completed, we queued requests and processed them in the background. It slashed our API latency by 90%. We were over the moon. Because when you’re serving millions of users, saving a few milliseconds isn’t just a performance stat, it’s a competitive edge. Good code works. But great systems scale. #engineering #technology #coding

Stop turning Clean Architecture's famous diagram into a folder structure! This is a mistake I see developers make all the time. Heck, I was doing this for years until I understood. Clean Architecture was never about folders. It's about dependencies. When you organize by technical layers (Web, Business, Data), you scatter your business logic across the entire codebase. The solution? Package by component. Each component has one public interface and keeps all implementation details internal. This gives you real encapsulation, clear dependencies, and a codebase that reflects your business domain. Simon Brown's "missing chapter" in Clean Architecture teaches us this lesson: focus on organizing code around business capabilities, not technical layers. Software architecture should help you ship features faster, not slow you down with artificial constraints. I've explained this missing chapter in depth. Read it here: https://lnkd.in/egtkegJA

Clean code isn't just about readability —it's about creating maintainable, scalable solutions that stand the test of time. When we prioritize readability, simplicity, and thoughtful architecture, we're not just making our lives easier; we're creating value for our teams and organizations. A few principles that have made the most significant difference in my work over years: • Meaningful naming that reveals intent • Functions that do one thing exceptionally well • Tests that serve as documentation and safety nets • Consistent formatting that reduces cognitive load The greatest insight I've gained is that clean code is fundamentally an act of communication—with future developers, our teammates, and even our future selves. The time invested upfront pays dividends during maintenance, debugging, and onboarding. What clean code practices have transformed your development experience? I'd love to hear about the principles that guide your work. Image Credit - Keivan Damirchi

98.7% cost savings. One giant new attack surface. Last month, Anthropic published their approach to "Code Execution with MCP." It's just now making waves (in my timelines and inboxes, anyway), and as a self-professed AI nerd and Claude Code junkie, it just goes to show you how much is constantly changing. Anthropic wants you to let AI agents write TypeScript that calls multiple tools in sequence, instead of passing tool calls through the model one by one. Execute it in a sandbox. Return only what matters. The efficiency gains are real...but there are definite security implications. Your AI agents aren't just calling tools anymore. They're writing code. Then executing it. At machine speed. The good news is that Anthropic's approach includes sandboxing and PII tokenization. Sensitive data can flow between tools without ever touching the model's context. That's a meaningful security design choice, along with significant efficiency gains and savings in token costs. The bad news is that MCP itself still has fundamental security gaps. Those haven't gone away. The protocol doesn't mandate authentication. Session IDs sit exposed in URLs. Security researchers found critical RCE vulnerabilities in MCP implementations this year. Tool poisoning attacks hide malicious instructions in tool descriptions. Rug pulls swap legitimate tools for compromised versions after you've approved them. These aren't theoretical. They're documented. So what do you actually do? The OWASP GenAI Security Project recently released the OWASP Practical Guide for Securely Using Third-Party MCP Servers (attached to this post). There are 4 places to start:  1. Run MCP servers in containers. Docker provides isolation that prevents compromised servers from reaching your host.  2. Pin versions with checksums. Alert on unauthorized changes to tool descriptions.  3. Require human approval for sensitive actions. File system access, email, and database writes.  4. Build a governance workflow. Submission, scanning, review, staged rollout, re-validation. Treat MCP servers like third-party code. Because they are. The efficiency math works. Make sure your security math does too. 👉 Follow for AI and cybersecurity insights with the occasional rant. #AISecurity #MCP

Best Practices for Writing Clean and Maintainable Code One of the worst headaches is trying to understand and work with poorly written code, especially when the logic isn’t clear. Writing clean, maintainable, and testable code—and adhering to design patterns and principles—is a must in today’s fast-paced development environment. Here are a few strategies to help you achieve this: 1. Choose Meaningful Names: Opt for descriptive names for your variables, functions, and classes to make your code more intuitive and accessible. 2. Maintain Consistent Naming Conventions: Stick to a uniform naming style (camelCase, snake_case, etc.) across your project for consistency and clarity. 3. Embrace Modularity: Break down complex tasks into smaller, reusable modules or functions. This makes both debugging and testing more manageable. 4. Comment and Document Wisely: Even if your code is clear, thoughtful comments and documentation can provide helpful context, especially for new team members. 5. Simplicity Over Complexity: Keep your code straightforward to enhance readability and reduce the likelihood of bugs. 6. Leverage Version Control: Utilize tools like Git to manage changes, collaborate seamlessly, and maintain a history of your code. 7. Refactor Regularly: Continuously review and refine your code to remove redundancies and improve structure without altering functionality. 8. Follow SOLID Principles & Design Patterns: Applying SOLID principles and well-established design patterns ensures your code is scalable, adaptable, and easy to extend over time. 9. Test Your Code: Write unit and integration tests to ensure reliability and make future maintenance easier. Incorporating these tips into your development routine will lead to code that’s easier to understand, collaborate on, and improve. #CleanCode #SoftwareEngineering #CodingBestPractices #CodeQuality #DevTips

Building AI? Your internal models are becoming your biggest attack surface. As someone deep in the agentic AI space, this new Institute for AI Policy and Strategy (IAPS) report hit different. We’re all focused on shipping and scaling, but here’s what we’re missing:- The models we DON’T ship are becoming the most valuable targets. Real talk for builders:- Your staging environment >> production in terms of capability and risk. That internal model you’re using for code generation? It’s probably months ahead of anything public. State actors are coming for your weights. Not your APIs. Your actual model files. And most of us aren’t ready for that level of sophistication. Agent deployments = new threat vectors. When your AI can write code, access internal systems, and iterate on training—that’s not just powerful, it’s a potential backdoor at scale. What I’m changing in my workflow:- • Treating internal model security like production security (finally). • Implementing stricter access controls for our most capable internal agents. • Building monitoring for model behavior during training, not just inference. • Actually thinking through supply chain attacks on our AI stack. Hot take:- The companies that figure out secure internal AI deployment will have a massive competitive advantage. The ones that don’t… well, good luck keeping your IP safe. Fellow builders—how are you securing your internal AI workflows? What am I missing here? #BuildingAI #MLOps #AISecurity #InternalTools #StartupLife

In the last few months, I have explored LLM-based code generation, comparing Zero-Shot to multiple types of Agentic approaches. The approach you choose can make all the difference in the quality of the generated code. Zero-Shot vs. Agentic Approaches: What's the Difference? ⭐ Zero-Shot Code Generation is straightforward: you provide a prompt, and the LLM generates code in a single pass. This can be useful for simple tasks but often results in basic code that may miss nuances, optimizations, or specific requirements. ⭐ Agentic Approach takes it further by leveraging LLMs in an iterative loop. Here, different agents are tasked with improving the code based on specific guidelines—like performance optimization, consistency, and error handling—ensuring a higher-quality, more robust output. Let’s look at a quick Zero-Shot example, a basic file management function. Below is a simple function that appends text to a file: def append_to_file(file_path, text_to_append): try: with open(file_path, 'a') as file: file.write(text_to_append + '\n') print("Text successfully appended to the file.") except Exception as e: print(f"An error occurred: {e}") This is an OK start, but it’s basic—it lacks validation, proper error handling, thread safety, and consistency across different use cases. Using an agentic approach, we have a Developer Lead Agent that coordinates a team of agents: The Developer Agent generates code, passes it to a Code Review Agent that checks for potential issues or missing best practices, and coordinates improvements with a Performance Agent to optimize it for speed. At the same time, a Security Agent ensures it’s safe from vulnerabilities. Finally, a Team Standards Agent can refine it to adhere to team standards. This process can be iterated any number of times until the Code Review Agent has no further suggestions. The resulting code will evolve to handle multiple threads, manage file locks across processes, batch writes to reduce I/O, and align with coding standards. Through this agentic process, we move from basic functionality to a more sophisticated, production-ready solution. An agentic approach reflects how we can harness the power of LLMs iteratively, bringing human-like collaboration and review processes to code generation. It’s not just about writing code; it's about continuously improving it to meet evolving requirements, ensuring consistency, quality, and performance. How are you using LLMs in your development workflows? Let's discuss!

The best advice I got as a junior engineer: 1. Make it work: In the initial stages, focus on creating a functional solution. Prioritise getting the core functionality up and running to establish a baseline. 2. Then make it right: Once the basic functionality is achieved, shift your focus to refining the code. Clean up your implementation, improve code structure, and adhere to best practices for better maintainability. 3. Then make it fast & pretty: After achieving functionality and code cleanliness, work on optimizing performance and enhancing the user interface. Ensure that the software runs efficiently and has a polished, user-friendly design. 4. Embrace Continuous Learning: Stay curious and committed to ongoing learning. Keep abreast of new technologies, tools, and methodologies to stay relevant and enhance your skills throughout your career. 5. Seek Feedback and Collaboration: Actively seek feedback from peers and experienced colleagues to improve your skills. Foster a collaborative environment that encourages open communication, leading to innovative solutions and a stronger team dynamic. 6. Prioritize Documentation: Document your code, processes, and decisions clearly. This not only aids in understanding your work later on but also helps team members comprehend and maintain the code, contributing to an efficient workflow. 7. Understand the Business Context: Go beyond technical skills and strive to understand the broader business context. Align your technical efforts with organizational goals to make your contributions more impactful and meaningful. 8. Practice Problem-Solving: Develop a problem-solving mindset by breaking down complex issues into manageable components. This approach not only makes problem-solving feasible but also helps in identifying root causes and fosters resilience in the face of technical challenges. 9. Prioritize Security and Reliability: Emphasize security and reliability in your work. Write secure code, ensure robustness in solutions, and prioritize testing to create software that not only functions well but is also resilient to potential vulnerabilities and failures. Remember, a well-rounded set of skills and attitudes will not only make you a proficient engineer but also contribute to a positive and productive work environment.