Loading
Loading
AI Code Factory build log: 14 fully tested API endpoints delivered in one afternoon. What the agent wrote, what the developer wrote, and what the numbers mean.
Author
Tom Bergström
Published
21 May 2026
Reading time
7 min read
Topics
nordic-tech, architecture, scaling
Our developer blocked off a Friday afternoon for what would normally be a 3-day task: building out the full REST API layer for a client's SaaS backend. 14 endpoints covering user management, workspace operations, invitation flows, and subscription status. All with validation, error handling, session guards, and a test for every happy path and one error path per endpoint.
By 5:47 PM, it was done. 14 endpoints, 42 tests, all passing, all typed, zero lint errors. This is the build log — what the AI Code Factory generated, what the developer wrote, and what we would have done differently.
Endpoints delivered
Tests written
Total time
Previous baseline
The client needed the API layer for a B2B SaaS product — a team collaboration tool. The 14 endpoints covered four resource groups: users, workspaces, members, and subscriptions. Each group had its own authorization model (workspace admin vs. member vs. owner), its own Prisma models, and its own validation rules.
Without the AI Code Factory, this is a well-understood task with predictable difficulty: define the models, write the routes, write the tests, fix the issues that the tests surface, clean up. Three days is standard. Senior developers don't go faster because the bottleneck isn't thinking speed — it's the volume of boilerplate that must be written carefully before you reach the interesting parts.
The split is more useful than the total time number. Understanding what required human judgment — and what didn't — tells you where the leverage actually comes from.
| Component | Who Wrote It | Time | Notes |
|---|---|---|---|
| Route handler structure (all 14) | AI Agent | ~40 min | Followed backend.skill.md pattern exactly |
| Zod validation schemas | AI Agent | ~25 min | Developer reviewed and adjusted 3 schemas |
| Prisma query logic | AI Agent | ~30 min | All queries; developer checked relations |
| Authorization logic | Developer | ~45 min | Multi-role auth required custom judgment |
| Test suite (42 tests) | AI Agent | ~35 min | testing.skill.md drove the pattern |
| Subscription webhook handler | Developer | ~40 min | Stripe-specific logic not in skill file |
| Error handling review | Developer | ~25 min | Reviewed all 14 error paths |
The developer spent roughly 110 minutes on work that required product-specific knowledge or architectural judgment. The agent handled roughly 130 minutes of structural, pattern-following work. That ratio — slightly more agent than human — is consistent with what we see across similar builds. As skill files mature, the ratio shifts further toward the agent.
Read our Mathem case study — 40% faster delivery, 3× team growth in 6 months.
The developer's workflow was prompt-first, not code-first. They wrote a feature brief — a plain-language description of what each endpoint needed to do, including edge cases — and fed it to the agent alongside the relevant SKILL.md files. The agent produced a first draft of the route handler and its test file. The developer reviewed, caught the authorization logic gap, wrote that section manually, then handed back to the agent for the next endpoint.
The cadence was approximately 15 minutes per endpoint group, including review. The Stripe webhook handler was the outlier at 40 minutes — it required reading Stripe's documentation, handling idempotency, and verifying the webhook signature. That's not a task a general-purpose skill file handles well, and we didn't try to force it. We wrote a Stripe-specific SKILL.md afterward that we'll reuse on the next project that needs it.
The authorization model was the only area where we lost time. The client's workspace permission system had three roles with overlapping capabilities, and the skill file didn't have a pattern for it. We handled it manually, but we also wrote a new authorization.skill.md that encodes the pattern for future use. That's how the skill library grows — each project that hits a gap produces a new skill that closes it.
We'd also pre-generate the Prisma models before starting the API layer. We generated the schema and the routes in the same session, which meant the agent occasionally produced routes that referenced models it hadn't fully defined yet. Sequencing schema-first then routes is cleaner.
"Every build that hits a gap produces a new skill file. Over time the skill library covers more and more of the domain, and the human intervention points get narrower and narrower. It's a learning system — but only if you're disciplined about encoding what you learn." — Tom Bergström, COO & Co-Founder, Indpro AB
If you're estimating API development work at 2–3 days per feature set, the AI Code Factory changes those numbers materially. The 14-endpoint build took 3.5 hours. That's not a best case — it's what happens when the skill files are properly configured and the team understands the workflow.
More practically: a sprint that would typically fit 2–3 API features can now fit 8–10 at the same quality level. That's not an argument for cramming more work into sprints — it's an argument for shipping more value in the same timeframe. The ceiling on engineering velocity is no longer developer hours. It's the quality of the skill files and the guardrails behind them.
Want to see what the AI Code Factory looks like applied to your tech stack?
Q: What stacks does the AI Code Factory support for API development?
The SKILL.md approach is framework-agnostic — we've built skill files for Next.js App Router, Express/Node, FastAPI (Python), and Spring Boot. The productivity gains are highest where the stack is well-documented and the patterns are consistent. TypeScript/Next.js is currently our most mature skill library given our client base.
Q: How do you handle security review when AI is writing API endpoints?
Security patterns are encoded directly in the skill file — session guards, input validation with Zod, no raw SQL, environment variable handling. The guardrails enforce them at commit time. Beyond that, the PR review agent runs a security-focused scan on every pull request. The developer also reviews all authorization logic manually, as shown in the build log above — that's a deliberate policy, not an oversight.
Q: Can your team implement this for a client, or do clients do it themselves?
Both models work. For AI Code Factory implementations, we typically do a 6–8 week Modernization Sprint where our engineers set up the skill library, configure the hooks and agents, and train the client team. After that, the client team runs it independently. We also offer ongoing optimization as part of our managed team model — see our services page for details.
CTO & Co-Founder
Tom leads Indpro's technology strategy and engineering standards. With 20+ years of experience building and leading engineering teams across the Nordic region, he ensures every engagement delivers at the highest technical level.
Connect on LinkedIn →We surveyed 30 Nordic CTOs about their biggest strategic regret in 2025. 22 gave the same answer. Here's what they said, why it keeps happening, and what the patterns reveal.
10 pages of practical insight on operating models, compensation benchmarks, and a hiring playbook. Free PDF.
Download the Free GuideOr reach us directly: sales@indpro.se · +46 73 932 21 38