
Common Questions

Frequently asked questions about adopting AI-assisted development and handling common scenarios

How do I convince my team to adopt this?

Approach:

  1. Start yourself, track metrics
  2. Share wins in standups
  3. Offer to pair with interested teammates
  4. Create lunch & learn sessions
  5. Let results speak

Don't: Force adoption top-down. Let enthusiasm spread organically.

What if AI makes a mistake in production?

It will happen. Here's the playbook:

  1. Immediate: Rollback or hotfix (same as any bug)
  2. Post-mortem: What went wrong? Why didn't review catch it?
  3. Update process: Add to review checklist
  4. Update rules: Add to .cursor/rules
  5. Share learning: Team retrospective

Key: Treat AI-caused bugs the same as human-caused bugs. Focus on process improvement, not blame.

How do I handle code I don't fully understand?

Red flag if:

  • You can't explain it to a teammate
  • You can't debug it if it breaks
  • You can't modify it if requirements change

Solution:

You: "Explain this code line by line, as if teaching a junior developer"

[AI explains]

You: "Why did you choose [specific pattern] instead of [alternative]?"

[AI explains trade-offs]

You: "Show me a simpler version that accomplishes the same goal"

Rule: If you are still not confident after the explanation, rewrite with AI guidance until you understand.

Should we disclose to clients we use AI?

Our approach at Limestone Digital:

  • Yes, be transparent
  • Frame as "AI-augmented development" not "AI-generated code"
  • Emphasize: human expertise, AI acceleration
  • Highlight: better documentation, more tests, faster iteration

Value proposition: "We deliver higher quality faster by leveraging AI to handle boilerplate while our senior engineers focus on architecture and business logic."

I accidentally exposed secrets to AI. What do I do?

Immediate response (within 1 hour):

  1. Stop using AI until secrets are rotated
  2. List everything exposed:
    • Database credentials?
    • API keys (which services)?
    • Customer data?
    • Infrastructure details?
  3. Rotate all secrets immediately:
    # Priority order:
    # 1. Database passwords (highest risk)
    # 2. API keys with write access
    # 3. API keys with read access
    # 4. Other credentials
  4. Notify stakeholders:
    • Your team lead (immediately)
    • Client technical contact (within 2 hours)
    • Document what was exposed and what was done
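One way to build the step 2 inventory from the text that was shared with the assistant, sorted by the rotation priority in step 3. This is an added example, not part of the original playbook; the regex patterns, the function names and the sample input are constructed assumptions to adapt to the services you actually use.

```python
import re

# Illustrative patterns (assumptions); extend them for the services you use.
# The rank is the rotation priority from step 3 (1 = rotate first).
# A key does not reveal its own access level, so API keys start at rank 2
# (write access) and move to rank 3 only after you confirm they are read-only.
PATTERNS = [
    (1, "database credential",
     re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://[^\s:/@]+:[^\s@]+@[^\s/\"']+")),
    (2, "AWS access key ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    (2, "generic secret assignment",
     re.compile(r"(?i)\b[\w-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w-]*\s*[:=]\s*['\"]?[^\s'\"]{8,}")),
    (4, "private key block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]


def redact(value):
    """Keep enough to identify the secret without copying it into the report."""
    return f"{value[:4]}... ({len(value)} chars)"


def inventory(text):
    """Return (rank, kind, line_no, redacted) tuples, highest rotation priority first."""
    findings = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rank, kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                findings.add((rank, kind, line_no, redact(match.group(0))))
    return sorted(findings)


# Constructed sample of a pasted .env file; none of these values are real.
SAMPLE = """\
DATABASE_URL=postgres://app:Xy7examplePw@db.example.internal:5432/prod
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
LOG_LEVEL=debug
"""

if __name__ == "__main__":
    for rank, kind, line_no, shown in inventory(SAMPLE):
        print(f"priority {rank}: {kind} on line {line_no}: {shown}")
```

The report carries only redacted values, so it can be attached to the incident record without exposing the secrets again. A clean result does not prove nothing was exposed; review the shared text by hand as well.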

Example client notification:

Subject: Security Incident - Credentials Rotation

Hi [Client],

We're notifying you of a security incident that occurred today.

What happened:
During development, production credentials were inadvertently
shared with our AI coding assistant.

What was exposed:
- Database connection string
- AWS S3 access keys

What we did:
- Rotated all affected credentials within 30 minutes
- Verified no unauthorized access occurred
- Implemented additional safeguards (.cursorignore)
- Updated team security training

Current status:
- All systems operational
- New credentials deployed
- No evidence of unauthorized access
- Additional monitoring in place

We take security seriously and have taken steps to prevent
recurrence. Please let me know if you have any questions.

[Your name]

Prevent recurrence:

  • Configure .cursorignore (if not already)
  • Add to team checklist
  • Update onboarding docs
  • Share lesson learned in team meeting

Key principle: Better to over-communicate than under-communicate on security issues.