Platform Engineering Book

I’m working on a platform engineering book for practitioners and engineers. There will probably be some repetition as I explore some of the book's topics. I’ll update you when I register with LeanPub.

In a recent Team Topologies ‘Stream of Teams’, Matthew Skelton and Paula Kennedy discussed the impact of AI on technical teams, particularly on Platform teams. They identified two main potential issues:

1. Automation complacency - the teams trust the code too much.

2. Avalanche of code fired at the platform - the teams are using AI to become massively more productive, but they are not considering the impact that this increased budget will have on the platform teams.

The problem is that churning out lines of code has never been a perfect way to measure productivity. The bottleneck is not the production of code but the interpretation of the problem we are trying to solve and the production of a system that can solve it. We need to look at how we can use code, infrastructure, and anything else to do that.

If we are to deal with the increased volume of code - and if we are to be able to measure and establish trust in the code which is produced - we need to develop metrics and indicators of code quality. It doesn’t matter if the code was written by genAI or humans. We cannot rely on saying that we know quality when we see it when so much of it is churned out that it becomes impossible to check it all. The code might be unhealthy, representing a significant risk to the organisation.

The goal has always been to use the cloud to democratise infrastructure. For many organisations, especially startups, the cloud is the core of their platform. It provides access to a self-service platform to everyone who might need it. Automation complacency is a big issue in that, eventually, we will start to trust the machine too much and be too accepting of what the AI generates; therefore, stuff will get through the net.

Even if we try not to trust the machine unquestioningly, we will eventually reach a point where the human in the equation is just ticking a box. They will eventually stop paying attention and mindlessly click the 'checked' button.

People still need critical thinking skills to prevent AI-generated code issues from getting through.

If the cloud is to truly provide democratisation, it needs to provide guardrails so that only 'high-functioning teams' can use it. This will also prevent AI-generated code, which has just been mindlessly accepted, from causing too much damage.

There may be a Dunning-Kruger effect: “My code was machine-generated, and I trust my machine; the boss trusts me. So, you should be able to trust this code.”

It will also replace the need for a tech lead with a clue about what they are doing in offshore teams and dev body shops. We will go from cargo culting stuff from teams that knew what they were doing without any idea of the context or how to apply it to our code - to cargo culting AI-generated code, which didn't have a clue about the context it was initially used for, and applying it to our code.

The platform's being buried under an avalanche of code will become increasingly problematic. We will end up with a problem where a requirement or a series of requirements for a system comes like a pachinko machine of agentic AIs bouncing the requirements towards the platform, patiently waiting at the other side of a wall at the bottom.

One key issue with the growing use of AI dev assistants is that churning out of code has not historically been the problem. As Matthew Skelton said in his recent conversation with Paula Kennedy, “The key is to interpret and understand what we are trying to solve and, hopefully, produce a system that solves it.”

It doesn't matter how the solution or system is created or deployed if the initial understanding of the problem and its possible solutions is not present.

In addition to guardrails, we need to gather metrics about code quality, system stability, and DORA metrics. We can also use something like Codescene to assess the quality of the code produced.

This is true whether humans or AI produced the code. Regardless of how the code was created, it may be unhealthy and pose a significant risk to the organisation.