-
Notifications
You must be signed in to change notification settings - Fork 1
Sprint 1 AI Usage
Alexandru Bianca Ana-Maria edited this page Apr 1, 2026
·
3 revisions
This document logs the usage of Large Language Models (LLMs) during the development of Sprint 1. In accordance with our team's transparency policy, the following sections detail the prompts used to assist with architecture, debugging, and code generation, along with an assessment of the AI's effectiveness and limitations.
Prompts Used:
- "How do I ensure my React frontend and Spring Boot backend port configurations match, and how do I test the connection locally?"
- "Instead of hardcoding a wildcard CORS policy for WebSockets, how can I externalize the allowed origins configuration into
application.propertiesso it can be safely modified for production environments?" - "I added the
@EnableWebSocketMessageBrokerconfiguration class, but Spring Boot isn't initializing the broker. The startup logs are missing theSimpleBrokerMessageHandler : Startedline. What are the common causes for this?" - "Now that the local WebSocket ping-pong works, what architectural changes (e.g., interceptors, proxies, environments) are required to transition this STOMP setup from local development to a secure production cloud environment?"
- "My backend Pull Request was blocked by SonarQube and CodeRabbit. They flagged missing Docstring coverage, wildcard CORS in the default config, and logging raw user payloads. How do I refactor
WebSocketConfig,PingController, andWebSocketEventListenerto resolve these security and quality gate warnings?"
Pros of AI Assistance:
- Rapid Scaffolding: Extremely fast at generating the boilerplate Spring Boot configuration required to get STOMP and SockJS running.
- Pipeline Debugging: Highly effective at interpreting automated CI/CD bot feedback. It instantly mapped SonarQube's vague "vulnerable logging" warning to the exact line where raw user payloads were being printed to the console.
Cons of AI Assistance:
-
Permissive Defaults: To ensure code "just works" on the first try, the AI tends to default to permissive security settings (like wildcard
*CORS origins). This caused our pipeline to fail and required manual intervention and re-prompting to lock down the security.
Prompts Used:
- "After installing
sockjs-client, my Vite React app renders a completely blank screen. The console showsReferenceError: global is not defined. How do I configure Vite to map this legacy Node variable for the browser?" - "My React frontend is getting a
403 ForbiddenCORS error when trying to establish the initial HTTP handshake with the Spring Boot WebSocket endpoint. How do I fix the handshake rejection?" - "My
git commitshows over 3,000 line changes after installing the STOMP and SockJS packages. Is it normal forpackage-lock.jsonto be this large, and should I commit it to the repository?" - "My React PR was flagged by CodeRabbit for a memory leak (missing unsubscribe on reconnect), hardcoded local WebSocket URLs, and noisy production STOMP logs. How do I refactor
socketService.tsandApp.tsxto fix these AI reviewer warnings?" - "My feature branch has severe merge conflicts due to a major React Router architecture update that was just pushed to
main. Provide a step-by-step guide to porting my STOMP client logic and test button over to a fresh branch using the new routing structure."
Pros of AI Assistance:
-
Ecosystem Knowledge: Excellent at deciphering vague frontend errors. It immediately identified that the blank screen was caused by a known incompatibility between Vite (modern bundler) and SockJS (legacy library) and provided the exact
vite.config.tsmapping to fix it. - Refactoring Complex Logic: When the main branch architecture changed drastically, the AI successfully isolated the core WebSocket logic from the old code and seamlessly injected it into the new React Router structure without breaking the application lifecycle.
Cons of AI Assistance:
-
Lifecycle Mismanagement: The initial React code generated by the AI contained a significant memory leak. It set up the STOMP subscription inside a
useEffectbut failed to return a cleanup function to unsubscribe. Because of the auto-reconnect feature, this would have created exponential duplicate event listeners every time the server dropped.
Prompts Used:
- "Provide a comprehensive guide to implementing list-based WebSocket rooms in Spring Boot using STOMP. Translate the Socket.io 'Rooms' concept into dynamic STOMP topic routing based on a List ID."
- "Ensure the list-room implementation fits our existing architecture. It must include a security interceptor to prevent unauthorized or malformed room subscriptions, and it must contain 100% JavaDoc coverage to pass our branch protection rules."
Pros of AI Assistance:
-
Conceptual Translation: Successfully took a framework-specific requirement from our Jira ticket (Socket.io Rooms) and built the correct Spring Boot equivalent (Dynamic Topic Routing with
@DestinationVariable). -
Proactive Security: Because the prompt explicitly demanded security, it built a
ChannelInterceptorutilizing regex validation. This successfully prevents directory traversal and wildcard injection attacks on the socket channels.
Cons of AI Assistance:
- Requires Extreme Precision: The AI relies entirely on the developer outlining architectural and security constraints upfront. If a feature is requested without explicitly demanding a secure and modular solution, the AI provides a naive implementation that leaves the application vulnerable to basic data scraping.
Prompts Used:
- "Provide the exact Git commands to create new feature branches for both my frontend and backend repositories, stage the WebSocket changes, and push them to GitHub. Also, generate standard Pull Request descriptions linking these commits to Jira Tasks #4 and #6."
- "When running
git push -u feature/websocket-setup-backend, I get a 'does not appear to be a git repository' error. What flag or destination is missing from my command?" - "When trying to sync my local
mainbranch with GitHub after merging PRs, I get a 'fatal: refusing to merge unrelated histories' error. How do I force my local repository to perfectly mirror the remotemainbranch and destroy the conflicting local commits?" - "My Spring Boot server crashed unexpectedly, and now I get a 'Web server failed to start. Port 8081 was already in use' error. How do I find the PID and kill the phantom Java process using the Windows terminal?"
- "After pulling the latest
main, Vite throws a 'Failed to resolve import react-router-dom' error and refuses to load. How do I fix this dependency synchronization issue?"
Pros of AI Assistance:
- Acts as an excellent interactive manual for Git workflows and Windows system administration. It provided the exact PowerShell commands (
netstatandtaskkill) to resolve zombie port processes, which prevented significant local downtime. - Streamlined project management by auto-generating PR descriptions that directly referenced our task board and included standard "How to Test" instructions for peer reviewers.
Prompts Used:
- "Based on all of our interactions during this sprint, generate an AI transparency log for our GitHub Wiki formatted in Markdown. Refine my raw prompts to sound professional but realistic, and provide honest pros and cons based on the actual hurdles and pipeline errors we faced."
- "Expand the transparency log with more examples. Use my raw prompts as inspiration, but improve them to avoid repetitive AI phrasing and make the report comprehensive enough for a formal repository wiki."
Pros of AI Assistance:
- Synthesizing Context: Capable of scanning a long, fragmented debugging session and summarizing the entire development lifecycle into a cohesive, structured report.
- Documentation Formatting: Instantly generates clean Markdown ready to be pasted directly into a GitHub Wiki without manual formatting effort.
Cons of AI Assistance:
- Tone Adjustment: Left to its own devices, it defaults to a highly artificial, repetitive structure. It required strict, explicit meta-prompting to force a human-readable format and prevent it from sugar-coating or omitting the actual mistakes it made during the coding phase.