DEVELOPMENT

Ai Coding Practices

Understand how to validate AI generated code, simulate transactions, and maintain safety in production. These principles keep your projects secure,…

Understand how to validate AI-generated code, simulate transactions, and maintain safety in production. These principles keep your projects secure, reliable, and auditable when using Carbium’s infrastructure or SDKs.

1. Why Validation Matters

AI can accelerate development, but it can also produce incorrect or unsafe logic — especially when handling blockchain transactions. A single malformed transaction or unchecked API call can lead to loss of funds, exposure of private keys, or corrupted on-chain data.

Key principles:

  • Always review every line of AI-generated code before execution.
  • Never execute code that interacts with wallets or RPC endpoints until tested in a sandbox.
  • Treat AI output as a draft, not a trusted script.

2. Validate AI-Generated Code

Syntax & Static Validation

Run automated linters and type checkers to ensure syntax correctness before logic review.

# Python example
flake8 your_script.py

# TypeScript example
tsc --noEmit your_script.ts

Security Validation

  • Never paste private keys into prompts. Instead use them in .env files
  • Avoid AI-generated code that uses external URLs or requests without verification.
  • Always sanitize user input before passing it to any blockchain function.

Tip: When generating Solana or DeFi scripts, require the AI to explicitly name the SDK and endpoint, for example:

“Use the official Carbium DEX SDK and connect to https://rpc.carbium.io”


3. Simulate Transactions Safely

Before broadcasting a transaction to the Solana mainnet, simulate it using the RPC simulateTransaction method. This ensures gas usage, accounts, and instruction data are valid.

from solders.transaction import Transaction
from solana.rpc.api import Client

client = Client("https://rpc.carbium.io")

# Create and simulate
txn = Transaction()
resp = client.simulate_transaction(txn)
print(resp)

Simulation gives full visibility into:

  • Compute units used
  • Logs produced by programs
  • Errors before they cost tokens

Always simulate before sending — whether code is AI-generated or written by hand.


4. Testing in Devnet or Localnet

Use Solana Devnet or a local validator to test AI-produced code in a risk-free environment. Carbium RPC endpoints support full Devnet connectivity.

solana config set --url https://api.devnet.solana.com

You can deploy tokens, swap test assets, or stake dummy SOL without real value. Switch back to mainnet only after all simulations and assertions pass.


5. Continuous Safety and Review

  • Integrate linting, unit testing, and simulation into your CI/CD pipeline.
  • Use Carbium’s RPC health and latency metrics to detect misbehavior early.
  • Log all AI-generated commits separately for auditability.

6. Recommended Practices

Area Best Practice Tools
Syntax Validation Lint, format, and type check AI output flake8, eslint, black, tsc
Transaction Simulation Use dry-run RPC calls simulateTransaction, Carbium RPC
Deployment Deploy only reviewed and simulated builds GitHub Actions + Devnet
Key Handling Keep secrets out of prompts .env + Keypair Files
Review Peer review all AI-generated commits Git diff, PR checks

7. Technical References