Chapter 30: Exercises
Tier 1 — Remember and Understand (Exercises 1-6)
Exercise 1: Quality Gate Identification
List the five main categories of automated quality checks discussed in this chapter (linting, type checking, security scanning, complexity analysis, and testing). For each category, name the primary Python tool recommended and describe in one sentence what it checks.
Exercise 2: Complexity Metric Definitions
Define the following terms in your own words and provide a one-line Python code example for each that demonstrates a complexity increase: - Cyclomatic complexity - Cognitive complexity - Maintainability index
Exercise 3: Review Feedback Labels
Explain the difference between the five review feedback labels ([MUST], [SHOULD], [COULD], [NIT], [QUESTION]). For each label, write an example review comment that a reviewer might leave on a pull request for a web API endpoint.
Exercise 4: Technical Debt Categories
List the five categories of technical debt described in Section 30.6 (code smells, design debt, test debt, documentation debt, dependency debt). For each category, give two concrete examples that are especially common in AI-generated code.
Exercise 5: Linter Rule Categories
Examine the Ruff configuration shown in Section 30.4. For each of the following rule prefixes, explain what category of issues it catches: E, F, B, S, SIM, UP.
Exercise 6: Pre-Commit Hook Purpose
Explain why pre-commit hooks are described as "more important with AI-generated code, not less." Give three specific scenarios where a pre-commit hook would catch an issue in AI-generated code that a developer might overlook.
Tier 2 — Apply (Exercises 7-12)
Exercise 7: Configure Ruff for a New Project
Create a complete pyproject.toml configuration for Ruff that:
- Targets Python 3.11
- Uses a line length of 100
- Enables rules for pycodestyle, pyflakes, isort, bugbear, security, and simplify
- Ignores line length errors (E501) and assert usage (S101)
- Exempts test files from security and magic value checks
- Uses double quotes and space indentation for formatting
Exercise 8: Write a Pre-Commit Configuration
Create a .pre-commit-config.yaml file that includes:
- Ruff for linting and formatting
- Mypy for type checking
- Trailing whitespace removal
- End-of-file fixer
- YAML validation
- Large file detection (max 1MB)
- Private key detection
Test it against a sample Python file that intentionally contains formatting issues, a type error, and trailing whitespace.
Exercise 9: Calculate Cyclomatic Complexity
Calculate the cyclomatic complexity of the following function by hand. Then verify your answer using the radon tool.
def process_order(order: dict) -> str:
if not order:
return "empty"
status = order.get("status", "unknown")
total = order.get("total", 0)
if status == "pending":
if total > 1000:
if order.get("verified"):
return "approved_high_value"
else:
return "review_required"
elif total > 0:
return "approved"
else:
return "invalid_total"
elif status == "cancelled":
if order.get("refunded"):
return "closed"
return "pending_refund"
elif status == "shipped":
return "in_transit"
else:
return "unknown_status"
Exercise 10: Write Review Comments
Given the following AI-generated code, write five review comments using the appropriate feedback labels ([MUST], [SHOULD], [COULD], [NIT], [QUESTION]):
import os
import json
def get_user_data(user_id):
query = f"SELECT * FROM users WHERE id = {user_id}"
conn = sqlite3.connect(os.environ["DB_PATH"])
cursor = conn.cursor()
cursor.execute(query)
result = cursor.fetchone()
data = {"id": result[0], "name": result[1], "email": result[2],
"password": result[3]}
return data
Exercise 11: Create a Quality Ratchet
Write a Python script that:
1. Reads the current test coverage percentage from a coverage.json file
2. Compares it against a stored minimum in quality-ratchet.json
3. Fails (exits with code 1) if coverage dropped below the minimum
4. Updates the minimum if coverage improved
5. Prints a clear message indicating the result
Exercise 12: AI Review Prompt Engineering
Write three different AI review prompts optimized for: 1. A database migration file 2. A REST API endpoint handler 3. A data processing pipeline
Each prompt should specify what to check, how to format findings, and what severity levels to use. Test each prompt against a sample code snippet.
Tier 3 — Analyze (Exercises 13-18)
Exercise 13: Compare Linter Configurations
Configure both Ruff and Pylint for the same Python project. Run both tools against a 200+ line Python file (you may use AI to generate the file). Compare: - Which issues each tool found - Which tool found issues the other missed - The execution time of each tool - The configuration complexity
Write a recommendation for which tool (or combination) to use and why.
Exercise 14: Complexity Analysis of AI-Generated Code
Use an AI assistant to generate implementations of the following algorithms: 1. Binary search 2. Merge sort 3. Breadth-first search on a graph 4. LRU cache
Calculate the cyclomatic complexity, cognitive complexity, and maintainability index for each implementation. Then manually refactor one of them to reduce complexity. Compare the metrics before and after refactoring.
Exercise 15: Technical Debt Audit
Select an open-source Python project on GitHub with at least 1,000 lines of code. Perform a technical debt audit using: - Ruff for code smells - Mypy for type safety gaps - Radon for complexity hotspots - Bandit for security issues
Categorize the findings by debt type and severity. Estimate the remediation effort for the top 10 issues. Present your findings in a structured report.
Exercise 16: Review Effectiveness Analysis
Analyze 10 pull requests from an open-source project (e.g., a popular Python library on GitHub). For each PR: - Count the number of review comments - Categorize comments (bug, style, design, question, praise) - Note whether the PR was AI-assisted (if disclosed) - Measure time from PR creation to merge
What patterns do you observe? Do PRs with more review comments take longer to merge? Are certain types of comments more common?
Exercise 17: Quality Gate Impact Assessment
Design an experiment to measure the impact of quality gates on code quality. Your experiment should: 1. Define a control condition (no quality gates) and treatment condition (full quality gates) 2. Specify what metrics you will measure 3. Describe how you will control for confounding variables 4. Outline the expected outcomes 5. Discuss the ethical considerations of the experiment
Exercise 18: Cognitive Complexity Deep Dive
Analyze the following two functions that accomplish the same task. Calculate the cognitive complexity of each. Explain why one is more cognitively complex than the other, relating your explanation to specific cognitive complexity rules.
# Version A
def categorize_users_a(users: list[dict]) -> dict[str, list[str]]:
result: dict[str, list[str]] = {"active": [], "inactive": [], "banned": []}
for user in users:
if user.get("banned"):
if user.get("appeal_pending"):
if user.get("admin_override"):
result["active"].append(user["name"])
else:
result["banned"].append(user["name"])
else:
result["banned"].append(user["name"])
elif user.get("last_login_days", 999) <= 30:
result["active"].append(user["name"])
else:
result["inactive"].append(user["name"])
return result
# Version B
def categorize_users_b(users: list[dict]) -> dict[str, list[str]]:
result: dict[str, list[str]] = {"active": [], "inactive": [], "banned": []}
for user in users:
category = _determine_category(user)
result[category].append(user["name"])
return result
def _determine_category(user: dict) -> str:
if user.get("banned") and not (
user.get("appeal_pending") and user.get("admin_override")
):
return "banned"
if user.get("last_login_days", 999) <= 30 or user.get("admin_override"):
return "active"
return "inactive"
Tier 4 — Evaluate and Create (Exercises 19-24)
Exercise 19: Design a Review Checklist for Your Domain
Create a comprehensive code review checklist tailored to a specific domain (choose one: healthcare, fintech, e-commerce, IoT, or machine learning). Your checklist should include: - At least 30 items organized into categories - Domain-specific security checks - Regulatory compliance checks relevant to the domain - AI-generated code specific checks - Priority levels for each item
Exercise 20: Build an Automated Review Bot
Create a Python script that acts as an automated code review bot. The bot should: 1. Accept a Python file as input 2. Run Ruff, mypy, and radon against it 3. Parse the output from each tool 4. Generate a unified review report in Markdown format 5. Include severity ratings and suggested fixes 6. Calculate an overall quality score (0-100)
See code/exercise-solutions.py for a reference implementation.
Exercise 21: Quality Dashboard Design
Design a quality monitoring dashboard for an AI-assisted development team. Create: 1. A wireframe showing the dashboard layout 2. A list of all metrics displayed with their data sources 3. Alert threshold definitions for each metric 4. A data collection pipeline architecture diagram 5. A Python implementation of the data collection layer
Exercise 22: Code Review Simulation
Pair with another developer (or use AI as a simulated pair). Generate a 200-line Python module using an AI assistant (a REST API endpoint, a data processing pipeline, or a CLI tool). Then: 1. One person reviews the code using the checklist from Exercise 19 2. The other person reviews the same code using AI-powered review 3. Compare findings—what did the human catch that AI missed, and vice versa? 4. Write a synthesis document combining both reviews
Exercise 23: Develop a Technical Debt Scoring System
Create a comprehensive technical debt scoring system that: 1. Defines a scoring rubric (0-100) across multiple dimensions 2. Weights different types of debt by business impact 3. Incorporates both automated metrics and manual assessments 4. Produces a single "debt score" for a module or project 5. Tracks the score over time and generates trend reports 6. Implements the scoring system as a Python tool
Exercise 24: Quality Gate Pipeline Implementation
Implement a complete quality gate pipeline using GitHub Actions (or equivalent CI) that includes: 1. Linting with Ruff (blocking) 2. Type checking with mypy (blocking) 3. Security scanning with Bandit (blocking for critical/high) 4. Test execution with coverage enforcement (blocking at 80%) 5. Complexity checking with radon (warning only) 6. AI-powered review summary (non-blocking) 7. Quality ratchet enforcement 8. Dashboard metric collection
Write the complete workflow YAML and any supporting scripts.
Tier 5 — Synthesis and Transfer (Exercises 25-30)
Exercise 25: Quality Culture Assessment Tool
Develop a survey instrument (15-20 questions) that measures the quality culture health of a software development team. Include questions covering: - Individual attitudes toward code review - Team norms around quality practices - Tool adoption and usage patterns - AI tool transparency - Management support for quality investment
Score the survey on a 1-5 scale and provide interpretation guidelines. Pilot the survey with at least three developers and refine based on feedback.
Exercise 26: Cross-Language Quality Framework
Design a quality assurance framework that works across Python, JavaScript/TypeScript, and one other language of your choice. For each language, specify: - Recommended linters and their configurations - Type checking tools and strictness levels - Complexity measurement tools - Security scanning tools - A unified review checklist that applies to all three languages - A quality dashboard that aggregates metrics across languages
Exercise 27: Quality ROI Analysis
Create a cost-benefit analysis model for implementing a comprehensive quality assurance program. Your model should: 1. Estimate the cost of implementing quality gates (tool setup, CI time, developer training) 2. Estimate the cost of code reviews (developer time, review tooling) 3. Estimate the savings from catching bugs earlier (cost of production bugs vs. review bugs) 4. Calculate the break-even point 5. Model different scenarios (small team, medium team, large team) 6. Present findings in a professional report format
Exercise 28: AI Review Calibration Study
Design and conduct a calibration study for AI code review: 1. Prepare 10 code snippets with known issues (bugs, security flaws, performance problems) 2. Run each snippet through AI review using three different prompt strategies 3. Score the AI's ability to find each known issue 4. Identify patterns in what AI review catches vs. misses 5. Develop an optimized prompt strategy based on your findings 6. Validate the optimized strategy against 5 new code snippets
Exercise 29: Open-Source Quality Contribution
Select a real open-source Python project and contribute a quality improvement: 1. Run the full quality tool suite against the project 2. Identify the highest-impact quality improvement 3. Implement the improvement (add linter configuration, fix type errors, add pre-commit hooks, improve test coverage) 4. Submit a pull request with a clear description of the quality improvement 5. Document the experience—what was accepted, what was rejected, and what you learned about that project's quality culture
Exercise 30: Comprehensive Quality Playbook
Create a complete "Quality Playbook" document for a hypothetical startup transitioning from rapid prototyping to production-grade development with AI-assisted coding. The playbook should include: 1. Quality vision and principles 2. Tool selection and configuration guides 3. Review process documentation 4. Quality metrics and monitoring plan 5. Technical debt management strategy 6. Onboarding guide for new developers 7. Quality culture building activities 8. Phased implementation plan (3-month, 6-month, 12-month milestones) 9. Templates for all reviews and reports 10. ROI justification for leadership
This is a capstone exercise that synthesizes everything from the chapter.