Hi! I'm

Federico Calò

Software Developer | Technical Writer

I create modern web applications and custom digital tools to help businesses grow through technological innovation. My passion is combining computer science and economics to generate real value.

Contact Me

About Me

My passion for computer science was born at the Technical Commercial Institute of Maglie, where I discovered the power of programming and the fascination of creating digital solutions. From the start, I understood that computer science was not just code, but an extraordinary tool for turning ideas into reality.

During my studies in Business Information Systems, I began to interweave computer science and economics, understanding how technology can be the engine of growth for any business. This vision accompanied me to the University of Bari, where I obtained my degree in Computer Science, deepening my technical skills and passion for software development.

Today I put this experience at the service of businesses, professionals and startups, creating tailor-made digital solutions that automate processes, optimize resources and open new business opportunities. Because true innovation begins when technology meets the real needs of people.

My Skills

Data Analysis & Predictive Models

I transform data into strategic insights with in-depth analysis and predictive models for informed decisions

Process Automation

I create custom tools that automate repetitive operations and free up time for value-added activities

Custom Systems

I develop tailor-made software systems, from platform integrations to customized dashboards

const federico = {
  nome: "Federico Calò",
  ruolo: "Sviluppatore Software",
  città: "Bari, Italia",
  missione: "Aiutare attraverso l'informatica",
  passioni: [
    "Codice Pulito",
    "Innovazione",
    "Crescita Continua"
  ]
};

La Mia Missione

Credo fermamente che l'informatica sia lo strumento più potente per trasformare le idee in realtà e migliorare la vita delle persone.

Democratizzare la Tecnologia

La mia missione è rendere l'informatica accessibile a tutti: dalle piccole imprese locali alle startup innovative, fino ai professionisti che vogliono digitalizzare la propria attività. Ogni realtà merita di sfruttare le potenzialità del digitale.

Unire Informatica ed Economia

Non è solo questione di scrivere codice: è capire come la tecnologia possa generare valore reale. Intrecciando competenze informatiche e visione economica, aiuto le attività a crescere, ottimizzare processi e raggiungere nuovi traguardi di efficienza e redditività.

Creare Soluzioni su Misura

Ogni attività è unica, e così devono esserlo le soluzioni. Sviluppo strumenti personalizzati che rispondono alle esigenze specifiche di ciascun cliente, automatizzando processi ripetitivi e liberando tempo per ciò che conta davvero: far crescere il business.

Trasforma la Tua Attività con la Tecnologia

Che tu gestisca un negozio, uno studio professionale o un'azienda, posso aiutarti a sfruttare le potenzialità dell'informatica per lavorare meglio, più velocemente e in modo più intelligente.

Parliamone Insieme →

Join the Community

Join the developer community where we discuss software, AI, architecture and DevOps. Share ideas, ask questions and grow with us.

Channel

FC Dev Blog

Get notifications on new articles, complete series, weekly tips and featured tools. Bilingual IT/EN content directly in your Telegram.

New articles as they are published
Weekly tips and code snippets
Polls on future topics

Subscribe to Channel

Group

FC Dev Community

A bilingual IT/EN community for developers. Discussions, Q&A, mutual help and networking with other professionals.

Discussions on articles and technologies
Coding help and code review
Job opportunities and collaboration

Join the Group

Discussion Topics

View

Master SQL

RoadMap.sh

November 2024

View

Oracle Certified Foundations Associate

Oracle

October 2024

View

People Leadership Credential

Connect

September 2024

💻 Languages & Technologies

Java

Python

JavaScript

Angular

React

TypeScript

SQL

PHP

CSS/SCSS

Node.js

Docker

Git

💼

12/2024 - Present

Custom Software Engineering Analyst

Accenture

Bari, Puglia, Italy · Hybrid Analysis and development of computer systems through the use of Java and Quarkus in Health and Public Sector. Continuous training on modern technologies for creating customized and efficient software solutions and on agents.

💼

06/2022 - 12/2024

Software analyst and Back End Developer Associate Consultant

Links Management and Technology SpA

Experience analyzing as-is software systems and ETL flows using PowerCenter. Completed Spring Boot training for developing modern and scalable backend applications. Backend developer specialized in Spring Boot, with experience in database design, analysis, development and testing of assigned tasks.

💼

02/2021 - 10/2021

Software programmer

Adesso.it (prima era WebScience srl)

Experience in AS-IS and TO-BE analysis, SEO evolutions and website evolutions to improve user performance and engagement.

🎓

2018 - 2025

Degree in Computer Science

University of Bari Aldo Moro

Bachelor's degree in Computer Science, focusing on software engineering, algorithms, and modern development practices.

📚

2013 - 2018

Diploma - Corporate Information Systems

Technical Commercial Institute of Maglie

Technical diploma specializing in Business Information Systems, combining IT knowledge with business management.

Contattami

Hai un progetto in mente? Parliamone! Compila il form qui sotto e ti risponderò al più presto.

* Campi obbligatori. I tuoi dati saranno utilizzati solo per rispondere alla tua richiesta.

Case Study: Implementing a Quality Framework for AI Code

After eight articles of theory, metrics and tools, it is time to see everything in action. This case study documents the end-to-end implementation of a quality framework for AI-generated code in a fintech startup with a team of 12 developers, 65% of whose new code is generated through AI assistants. We will see the implementation timeline, before-and-after metrics, challenges encountered and concrete results.

The project took place over a period of 8 weeks with a dedicated team of 2 people (a quality engineer and a senior developer), with the goal of reducing the AI code defect rate by 40% and production incidents by 50%.

What You Will Learn

How to plan and implement a quality framework for AI code in 8 weeks
Baseline metrics and how to measure them before intervention
The technical architecture of the framework: SAST, test intelligence, CI/CD guardrails
Real challenges encountered and how they were overcome
Measurable results achieved: defect reduction, incidents, costs
Lessons learned and recommendations for other teams

Context: The FinPay Startup

FinPay (fictitious name) is a fintech startup developing a B2B payments platform. The team of 12 developers works on a Python/FastAPI codebase with approximately 180,000 lines of code. The adoption of GitHub Copilot and Claude occurred 8 months before the intervention, and the team had already noticed a concerning increase in production incidents.

      Team and Project Profile
      
          Characteristic
          Detail
        
          Team size
          12 developers (4 senior, 5 mid, 3 junior)
        
          Codebase
          Python/FastAPI, 180K LOC
        
          AI code ratio
          65% of new code
        
          AI tools
          GitHub Copilot, Claude (via API)
        
          CI/CD
          GitHub Actions, Docker, AWS ECS
        
          Deployment frequency
          3-4 deploys/week
        
          Main problem
          2x increase in incidents over 6 months

Phase 1: Assessment and Baseline (Week 1-2)

Before implementing any solution, we conducted a thorough assessment to establish baseline metrics. Without starting data, it would be impossible to measure the impact of the intervention.

Baseline Data Collection

We analyzed the last 3 months of data from the Git repository, CI/CD pipeline, incident management system and existing SonarQube metrics (configured with standard thresholds, not optimized for AI code).


# Baseline metrics collection script
class BaselineCollector:
    """Collects baseline metrics for the quality framework"""

    def __init__(self, git_client, sonar_client, incident_db):
        self.git = git_client
        self.sonar = sonar_client
        self.incidents = incident_db

    def collect_baseline(self, months=3):
        """Collects all baseline metrics"""
        return {
            "code_quality": self._collect_code_quality(),
            "defect_metrics": self._collect_defect_metrics(months),
            "incident_metrics": self._collect_incident_metrics(months),
            "review_metrics": self._collect_review_metrics(months),
            "coverage_metrics": self._collect_coverage_metrics(),
        }

    def _collect_defect_metrics(self, months):
        """Defect metrics separated by AI vs human"""
        commits = self.git.get_commits(months=months)
        ai_commits = [c for c in commits if self._is_ai_generated(c)]
        human_commits = [c for c in commits if not self._is_ai_generated(c)]

        return {
            "total_commits": len(commits),
            "ai_commits": len(ai_commits),
            "ai_ratio": round(len(ai_commits) / len(commits), 2),
            "ai_defect_rate": self._calculate_defect_rate(ai_commits),
            "human_defect_rate": self._calculate_defect_rate(human_commits),
            "ai_bugs_total": self._count_bugs(ai_commits),
            "human_bugs_total": self._count_bugs(human_commits),
        }

    def _collect_incident_metrics(self, months):
        """Production incident metrics"""
        incidents = self.incidents.get_recent(months=months)
        return {
            "total_incidents": len(incidents),
            "ai_related": len([i for i in incidents if i.ai_code_related]),
            "avg_mttr_hours": self._avg_mttr(incidents),
            "severity_distribution": self._severity_dist(incidents),
            "monthly_trend": self._monthly_trend(incidents),
        }

      Baseline Metrics (Before Intervention)
      
          Metric
          Baseline Value
          Target
        
          Defect rate (AI code, per 1000 LOC)
          5.8
          <3.5
        
          Production incidents/month
          8.3
          <3.5
        
          MTTR (hours)
          4.2
          <2.5
        
          Code coverage (new AI code)
          38%
          >75%
        
          Change Failure Rate
          22%
          <10%
        
          New code duplication
          19%
          <5%
        
          Average cognitive complexity
          18.4
          <10
        
          PR review time (hours)
          6.8
          <4

Phase 2: Quick Wins (Week 3-4)

In the second phase we implemented immediate-impact changes: pre-commit secret detection, custom SonarQube quality gate and AI code review checklist. The goal was to achieve visible results quickly to generate momentum within the team.

Secret Detection Implementation

The first intervention was implementing secret detection as a pre-commit hook. In the first 3 days, the tool intercepted 7 hardcoded credentials that would have ended up in the repository, including 2 production API keys.

Custom SonarQube Quality Gate

We created an "AI Code Strict" Quality Gate with thresholds calibrated for AI code, based on the baseline metrics collected in phase 1. Thresholds were set to block 20-25% of PRs on first attempt, balancing enforcement and productivity.

Structured Review Checklist

We introduced a mandatory checklist for AI-generated code review, integrated as a PR template in GitHub. The checklist covers the 10 critical areas identified in the assessment and includes specific questions the reviewer must answer before approving.

Phase 3: Advanced Automation (Week 5-6)

The third phase introduced advanced automation into the pipeline: SAST with custom rules for AI patterns, test intelligence with mutation testing and integrated security scanning.


# CI/CD Pipeline implemented for FinPay
# .github/workflows/quality-framework.yml
name: AI Code Quality Framework

on:
  pull_request:
    branches: [main, develop]

jobs:
  secret-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: TruffleHog Secret Scan
        uses: trufflesecurity/trufflehog@main
        with:
          extra_args: --only-verified

  quality-analysis:
    needs: secret-scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Run Tests with Coverage
        run: |
          pip install -r requirements.txt
          pytest tests/ --cov=src --cov-report=xml \
                 --cov-fail-under=75 -v

      - name: Semgrep SAST
        uses: returntocorp/semgrep-action@v1
        with:
          config: >-
            p/python
            p/security-audit
            .semgrep/ai-rules.yml

      - name: SonarQube Analysis
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: #123;{ secrets.SONAR_TOKEN }}

      - name: Quality Gate
        uses: sonarsource/sonarqube-quality-gate-action@master
        env:
          SONAR_TOKEN: #123;{ secrets.SONAR_TOKEN }}

  mutation-testing:
    needs: quality-analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Mutation Tests
        run: |
          pip install mutmut
          mutmut run --paths-to-mutate=src/ \
                     --tests-dir=tests/ \
                     --runner="pytest -x"
          mutmut results

Phase 4: Optimization and Calibration (Week 7-8)

The final phase was dedicated to threshold optimization, false positive calibration, monitoring dashboard creation and team training. We also implemented an automatic feedback system that generates specific fix suggestions for each quality gate failure.


# Quality framework monitoring dashboard
class QualityDashboard:
    """Real-time dashboard for quality framework monitoring"""

    def __init__(self, data_sources):
        self.sources = data_sources

    def generate_weekly_report(self):
        """Weekly report for the team lead"""
        return {
            "period": self._current_week(),
            "quality_metrics": {
                "defect_rate_ai": self._current_defect_rate("ai"),
                "defect_rate_human": self._current_defect_rate("human"),
                "defect_rate_trend": self._defect_rate_trend(),
                "coverage_new_code": self._new_code_coverage(),
                "gate_pass_rate": self._gate_pass_rate(),
                "avg_fix_time": self._avg_quality_fix_time(),
            },
            "delivery_metrics": {
                "deployment_frequency": self._deploy_frequency(),
                "lead_time": self._avg_lead_time(),
                "change_failure_rate": self._change_failure_rate(),
                "mttr": self._mttr(),
            },
            "team_metrics": {
                "pr_throughput": self._pr_throughput(),
                "review_turnaround": self._review_turnaround(),
                "first_time_quality": self._first_time_quality(),
                "developer_satisfaction": self._satisfaction_score(),
            },
            "top_issues": self._top_quality_issues(),
            "recommendations": self._generate_recommendations()
        }

    def _generate_recommendations(self):
        """Generates data-based recommendations"""
        recs = []
        if self._gate_pass_rate() < 70:
            recs.append({
                "type": "training",
                "message": "Low gate pass rate: consider "
                           "AI code quality training for the team"
            })
        if self._new_code_coverage() < 75:
            recs.append({
                "type": "process",
                "message": "Coverage below target: implement "
                           "test-first for complex AI prompts"
            })
        return recs

Results: Before vs After

After 8 weeks of implementation, results measured over the following 2 months show significant improvements across all key metrics. The investment of 2 people for 8 weeks produced a positive ROI already in the first month post-implementation.

      Metrics Comparison: Before vs After the Quality Framework
      
        
          Metric
          Before
          After
          Variation
        

          AI defect rate (per 1000 LOC)
          5.8
          3.2
          -45%
        

          Production incidents/month
          8.3
          3.1
          -63%
        

          MTTR (hours)
          4.2
          2.1
          -50%
        

          New code coverage
          38%
          78%
          +105%
        

          Change Failure Rate
          22%
          8%
          -64%
        

          New code duplication
          19%
          4.2%
          -78%
        

          Average cognitive complexity
          18.4
          9.2
          -50%
        

          PR review time (hours)
          6.8
          3.4
          -50%
        

    

Challenges Encountered and Solutions

The implementation was not without difficulties. The main challenges involved initial team resistance, false positive calibration and balancing enforcement with productivity.

Challenge 1: Team Resistance

Some developers perceived quality gates as an obstacle to productivity. The solution was to involve them in threshold definition, show baseline data and implement changes gradually, starting with quick wins that generated immediate value.

Challenge 2: False Positives

Custom SAST rules for AI code initially generated too many false positives, frustrating developers. We dedicated week 7 to calibration, analyzing each false positive and refining rules until reaching a false positive rate below 5%.

Challenge 3: Impact on Velocity

In the first weeks, the gate pass rate was only 55%, significantly slowing the workflow. The situation stabilized by week 6, when the team internalized the new practices and the gate pass rate rose to 82%.

Lessons Learned

Start with data: without a measured baseline, you cannot demonstrate intervention impact
Quick wins first: implement secret detection and basic quality gate in the first 2 weeks to create momentum
Involve the team: thresholds imposed from above get bypassed; agreed thresholds get respected
Calibrate false positives: a false positive rate above 10% destroys trust in the system
Automate feedback: every quality gate failure must explain why and suggest how to fix
Measure everything: every change must be measurable to demonstrate ROI to management
Continuous iteration: the framework is never finished, thresholds must be continuously calibrated

ROI Analysis

The total investment for implementing the quality framework was approximately 640 person-hours (2 people, 8 weeks, 40 hours/week). The monthly savings generated by the reduction of incidents, rework and review time was calculated and demonstrated a payback period of approximately 5 weeks.


# Quality framework ROI calculation
def calculate_framework_roi():
    """ROI calculation for quality framework implementation"""
    hourly_rate = 75  # EUR/hour, average company cost

    # Implementation cost
    implementation_hours = 640  # 2 people x 8 weeks x 40h
    implementation_cost = implementation_hours * hourly_rate  # 48,000 EUR

    # Monthly savings
    monthly_savings = {
        # Incident reduction: from 8.3 to 3.1, saving 5.2 incidents/month
        # Average incident cost: 4.2h MTTR x 3 people involved
        "incident_reduction": 5.2 * 4.2 * 3 * hourly_rate,  # 4,914 EUR/month

        # Review time saved: from 6.8h to 3.4h per PR
        # ~30 PRs/month with AI code
        "review_time_saved": 30 * 3.4 * hourly_rate,  # 7,650 EUR/month

        # Rework reduction: -40% of bug fixing time
        # Estimate: 80 hours/month bug fixing before, now 48 hours
        "rework_reduction": 32 * hourly_rate,  # 2,400 EUR/month

        # Revenue loss avoided: -63% incidents x average impact
        "revenue_protected": 5.2 * 2500,  # 13,000 EUR/month (estimate)
    }

    total_monthly_savings = sum(monthly_savings.values())

    return {
        "implementation_cost": implementation_cost,
        "monthly_savings": total_monthly_savings,
        "payback_weeks": round(implementation_cost /
                               (total_monthly_savings / 4.33), 1),
        "annual_roi": round(
            (total_monthly_savings * 12 - implementation_cost) /
            implementation_cost * 100, 1
        ),
        "savings_breakdown": monthly_savings
    }

# Result:
# implementation_cost: 48,000 EUR
# monthly_savings: ~27,964 EUR
# payback_weeks: ~7.5 weeks
# annual_roi: ~599%

Recommendations for Other Teams

Based on the FinPay experience, here are the key recommendations for teams wanting to implement a similar quality framework for their AI-generated code.

Week 1-2: Foundations

Collect baseline metrics on at least 3 months of history
Implement secret detection as a pre-commit hook (immediate impact, zero false positives)
Create a custom SonarQube Quality Gate for AI code

Week 3-4: Processes

Introduce the AI code review checklist as a PR template
Define risk-based approval gates (security: 2 reviewers, standard: 1)
Train the team on prompting best practices for quality code

Week 5-6: Automation

Integrate SAST with custom rules for AI patterns in the CI/CD pipeline
Implement coverage gate with progressive threshold (start at 60%, raise to 75%)
Add mutation testing on critical modules

Week 7-8: Optimization

Calibrate thresholds based on real data from the first 4 weeks
Reduce false positives below 5%
Create the monitoring dashboard and configure alerts

Series Conclusions

This 9-article series has covered the entire spectrum of quality engineering for AI-generated code: from the problem and statistics, through metrics, security, testing, human validation, CI/CD guardrails and complexity, to productivity and practical implementation in this case study.

The fundamental message is clear: AI-generated code is not inherently problematic, but it requires a level of quality engineering that most teams are not yet applying. The tools exist, the metrics are defined, the processes are proven. All that is needed is the willingness to implement them.

AI is transforming how we write software. Quality engineering must transform alongside it, not fall behind. Teams that invest in this framework today will have a significant competitive advantage tomorrow.

Characteristic	Detail
Team size	12 developers (4 senior, 5 mid, 3 junior)
Codebase	Python/FastAPI, 180K LOC
AI code ratio	65% of new code
AI tools	GitHub Copilot, Claude (via API)
CI/CD	GitHub Actions, Docker, AWS ECS
Deployment frequency	3-4 deploys/week
Main problem	2x increase in incidents over 6 months

Metric	Baseline Value	Target
Defect rate (AI code, per 1000 LOC)	5.8	<3.5
Production incidents/month	8.3	<3.5
MTTR (hours)	4.2	<2.5
Code coverage (new AI code)	38%	>75%
Change Failure Rate	22%	<10%
New code duplication	19%	<5%
Average cognitive complexity	18.4	<10
PR review time (hours)	6.8	<4

Metric	Before	After	Variation
AI defect rate (per 1000 LOC)	5.8	3.2	-45%
Production incidents/month	8.3	3.1	-63%
MTTR (hours)	4.2	2.1	-50%
New code coverage	38%	78%	+105%
Change Failure Rate	22%	8%	-64%
New code duplication	19%	4.2%	-78%
Average cognitive complexity	18.4	9.2	-50%
PR review time (hours)	6.8	3.4	-50%