I create modern web applications and custom digital tools to help businesses grow through technological innovation. My passion is combining computer science and economics to generate real value.
My passion for computer science was born at the Technical Commercial Institute of Maglie, where I discovered the power of programming and the fascination of creating digital solutions. From the start, I understood that computer science was not just code, but an extraordinary tool for turning ideas into reality.
During my studies in Business Information Systems, I began to interweave computer science and economics, understanding how technology can be the engine of growth for any business. This vision accompanied me to the University of Bari, where I obtained my degree in Computer Science, deepening my technical skills and passion for software development.
Today I put this experience at the service of businesses, professionals and startups, creating tailor-made digital solutions that automate processes, optimize resources and open new business opportunities. Because true innovation begins when technology meets the real needs of people.
My Skills
Data Analysis & Predictive Models
I transform data into strategic insights with in-depth analysis and predictive models for informed decisions
Process Automation
I create custom tools that automate repetitive operations and free up time for value-added activities
Custom Systems
I develop tailor-made software systems, from platform integrations to customized dashboards
I firmly believe that computer science is the most powerful tool for turning ideas into reality and improving people's lives.
Democratizing Technology
My mission is to make computer science accessible to everyone: from small local businesses to innovative startups, to professionals who want to digitalize their work. Every organization deserves to take advantage of the potential of digital technology.
Combining Computer Science and Economics
It is not just a matter of writing code: it is about understanding how technology can generate real value. By interweaving IT skills and economic vision, I help businesses grow, optimize processes and reach new levels of efficiency and profitability.
Creating Tailor-Made Solutions
Every business is unique, and so must its solutions be. I develop custom tools that respond to each client's specific needs, automating repetitive processes and freeing up time for what really matters: growing the business.
Transform Your Business with Technology
Whether you run a shop, a professional practice or a company, I can help you take advantage of the potential of computer science to work better, faster and smarter.
Bari, Puglia, Italy · Hybrid
Analysis and development of computer systems through the use of Java and Quarkus in Health and Public Sector. Continuous training on modern technologies for creating customized and efficient software solutions and on agents.
06/2022 - 12/2024
Software analyst and Back End Developer Associate Consultant
Links Management and Technology SpA
Experience analyzing as-is software systems and ETL flows using PowerCenter. Completed Spring Boot training for developing modern and scalable backend applications. Backend developer specialized in Spring Boot, with experience in database design, analysis, development and testing of assigned tasks.
02/2021 - 10/2021
Software programmer
Adesso.it (formerly WebScience srl)
Experience in AS-IS and TO-BE analysis, SEO evolutions and website evolutions to improve user performance and engagement.
2018 - 2025
Degree in Computer Science
University of Bari Aldo Moro
Bachelor's degree in Computer Science, focusing on software engineering, algorithms, and modern development practices.
2013 - 2018
Diploma - Corporate Information Systems
Technical Commercial Institute of Maglie
Technical diploma specializing in Business Information Systems, combining IT knowledge with business management.
CI/CD Guardrails for AI-Generated Code
CI/CD guardrails represent the last automated line of defense against
low-quality AI code. Quality gates, policy enforcement and automatic rejection transform
the pipeline from a simple build and deploy tool into a quality assurance system that
proactively blocks code that does not meet the standards defined by the team.
In this article we will see how to implement quality gates specific to AI code in the CI/CD
pipeline, configure SonarQube for automatic rejection, integrate policy as code with OPA
and Kyverno, and build a monitoring system with real-time dashboards.
What You Will Learn
How to design multi-level quality gates for AI code
Advanced SonarQube configuration with AI-specific thresholds
Policy as Code with Open Policy Agent (OPA) for automatic enforcement
Security scanning integration in the CI/CD pipeline
Automatic rejection: when and how to block merges
Monitoring dashboards and alerting for AI code quality
Quality Gates Architecture
An effective quality gates system for AI code is organized in multiple levels, each with
specific responsibilities. Each level acts as a progressive filter: the fastest and least
expensive checks are executed first, the most thorough only if the previous ones pass.
Quality Gate Levels

| Level | Phase | Checks | Time |
|-------|-------|--------|------|
| L1 | Pre-commit | Linting, formatting, secret detection | <10s |
| L2 | Pull Request | SAST, unit tests, coverage check | <5min |
| L3 | CI Pipeline | SonarQube analysis, dependency scan, mutation test | |

SonarQube is the heart of the quality gates system. The standard configuration is not adequate
for AI-generated code: a custom Quality Profile with more restrictive thresholds
and additional rules that catch typical AI error patterns is needed.
Beyond standard thresholds, it is possible to create custom rules in SonarQube to detect
patterns specific to AI code. These rules catch anti-patterns that built-in rules do not
cover, such as excessive use of generic exceptions, missing input validation and near-miss
duplication.
Policy as Code with Open Policy Agent
Open Policy Agent (OPA) allows defining quality policies as code, versioned
and tested like any other software artifact. OPA policies can be integrated into the CI/CD
pipeline for automatic enforcement of AI code quality rules.
```rego
# OPA Policy for AI code quality (Rego language)
# policies/ai_code_quality.rego
package ai_code_quality

# Use Rego v1 syntax (`contains` / `if`), the default from OPA 1.0 onward
import rego.v1

# Rule: block merge if coverage is below threshold
deny contains msg if {
    input.coverage.new_code < 75
    msg := sprintf("Insufficient coverage: %v%% (minimum 75%%)",
        [input.coverage.new_code])
}

# Rule: block merge if there are critical vulnerabilities
deny contains msg if {
    vuln := input.security.vulnerabilities[_]
    vuln.severity == "CRITICAL"
    # %v formats the CWE id correctly whether it is a number or a string
    msg := sprintf("Critical vulnerability: %s (CWE-%v)",
        [vuln.description, vuln.cwe])
}

# Rule: block merge if cognitive complexity is too high
deny contains msg if {
    func := input.complexity.functions[_]
    func.cognitive_complexity > 15
    msg := sprintf("Cognitive complexity too high in %s: %v (max 15)",
        [func.name, func.cognitive_complexity])
}

# Rule: block merge if hardcoded secrets found
deny contains msg if {
    secret := input.secrets[_]
    msg := sprintf("Hardcoded secret found: %s at line %v",
        [secret.type, secret.line])
}

# Rule: warning if duplication above threshold
warn contains msg if {
    input.duplication.new_code > 3
    msg := sprintf("Duplication at %v%% (warning threshold: 3%%)",
        [input.duplication.new_code])
}

# Final decision: allow stays false unless no deny rule fired
default allow := false

allow if {
    count(deny) == 0
}
```
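
A rule such as `input.coverage.new_code < 75` is undefined when the coverage report never reached `input`, so it produces no `deny` message and `allow` holds. The following added example (not part of the original article) checks the input document before policy evaluation and blocks when a scanner result is missing; `REQUIRED`, `missing_fields` and `precheck` are names assumed here, and the sample documents are constructed.

```python
# Added example: fail-closed validation of the OPA input document.
# Field paths follow the policy above; all helper names are assumptions.
from numbers import Number

# path -> expected type, one entry per field the policy's rules read
REQUIRED = {
    ("coverage", "new_code"): Number,
    ("duplication", "new_code"): Number,
    ("security", "vulnerabilities"): list,
    ("complexity", "functions"): list,
    ("secrets",): list,
}

def missing_fields(doc):
    """Return dotted paths that are absent or have the wrong type."""
    problems = []
    for path, expected in REQUIRED.items():
        node = doc
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        # bool counts as a Number in Python, so reject it explicitly
        if node is None or isinstance(node, bool) or not isinstance(node, expected):
            problems.append(".".join(path))
    return problems

def precheck(doc):
    """Block before OPA runs if any scanner report is missing or malformed."""
    problems = missing_fields(doc)
    return {
        "allow_policy_eval": not problems,
        "deny": [f"Missing or malformed scanner output: {p}" for p in problems],
    }

# Constructed sample: the coverage step crashed, so its report is absent.
INCOMPLETE = {
    "duplication": {"new_code": 1.2},
    "security": {"vulnerabilities": []},
    "complexity": {"functions": []},
    "secrets": [],
}
COMPLETE = dict(INCOMPLETE, coverage={"new_code": 81.0})

if __name__ == "__main__":
    print(precheck(INCOMPLETE))
    print(precheck(COMPLETE))
```

Evaluated directly against the policy, the `INCOMPLETE` document would yield an empty `deny` set; the pre-check turns that silent pass into an explicit block.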
Automatic Rejection: When and How to Block
Automatic rejection is the mechanism that prevents non-compliant code from reaching the
main branch. It is fundamental to clearly define blocking criteria, communicate the reason
for rejection clearly, and provide actionable guidance for resolution.
Automatic Rejection Criteria for AI Code

| Criterion | Threshold | Action |
|-----------|-----------|--------|
| Critical vulnerabilities (CRITICAL/HIGH) | 0 tolerated | Immediate merge block |
| Hardcoded secrets | 0 tolerated | Immediate block + security team alert |
| New code coverage | <75% | Block until tests added |
| Cognitive complexity | >15 per function | Block until refactored |
| New code duplication | >5% | Block until deduplicated |
| SonarQube Quality Gate | FAILED | Block until resolved |

Effective Feedback Loop
When a merge is blocked, the developer must receive clear, specific and actionable feedback.
A generic message like "Quality gate failed" is not sufficient. The system must indicate
exactly which files, which lines and which metrics caused the block, with suggestions on
how to resolve the problem.
```python
# Feedback system for quality gate failures
class QualityGateFeedback:
    """Generates actionable feedback for quality gate failures"""

    def generate_pr_comment(self, gate_results):
        """Generates a PR comment with failure details"""
        sections = []
        if gate_results["coverage"]["failed"]:
            sections.append(self._coverage_feedback(gate_results["coverage"]))
        if gate_results["security"]["failed"]:
            sections.append(self._security_feedback(gate_results["security"]))
        if gate_results["complexity"]["failed"]:
            sections.append(self._complexity_feedback(gate_results["complexity"]))
        return {
            "title": "Quality Gate: FAILED",
            "summary": f"{len(sections)} issues to resolve before merge",
            "sections": sections,
            "auto_suggestions": self._generate_fix_suggestions(gate_results),
        }

    def _coverage_feedback(self, coverage_data):
        return {
            "title": "Insufficient Coverage",
            "current": f"{coverage_data['actual']}%",
            "required": f"{coverage_data['threshold']}%",
            "uncovered_files": coverage_data["uncovered_files"],
            "action": "Add tests for the files listed above, "
                      "focusing on error paths and edge cases",
        }

    # The two helpers below are called above but missing from the original
    # listing; the "findings" and "functions" keys are assumed input shapes.
    def _security_feedback(self, security_data):
        return {
            "title": "Security Findings",
            "findings": security_data.get("findings", []),
            "action": "Fix or triage every listed finding before merge",
        }

    def _complexity_feedback(self, complexity_data):
        return {
            "title": "Excessive Complexity",
            "functions": complexity_data.get("functions", []),
            "action": "Decompose the listed functions into smaller ones",
        }

    def _generate_fix_suggestions(self, results):
        """Generates automatic fix suggestions"""
        suggestions = []
        for issue in results.get("issues", []):
            if issue["type"] == "hardcoded_secret":
                suggestions.append(
                    f"Line {issue['line']}: replace with "
                    f"os.getenv('{issue['suggested_env_var']}')"
                )
            elif issue["type"] == "high_complexity":
                suggestions.append(
                    f"Function {issue['function']}: "
                    f"decompose into smaller functions"
                )
        return suggestions
```
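
For the "SonarQube Quality Gate: FAILED" criterion, the per-metric detail the feedback needs is available in the gate status itself. The following added example (not from the original article) turns a response in the shape of SonarQube's `api/qualitygates/project_status` endpoint into specific PR comment lines and treats any status other than `OK` as blocking; the sample payload is constructed and the function names are assumptions.

```python
import json

# Constructed sample in the shape of SonarQube's
# api/qualitygates/project_status response (values arrive as strings).
SAMPLE = json.loads("""
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "75", "actualValue": "61.4"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density",
   "comparator": "GT", "errorThreshold": "5", "actualValue": "2.1"},
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "4"}
]}}
""")

DIRECTION = {"LT": "below", "GT": "above"}

def gate_blocks_merge(payload):
    """Fail closed: only an explicit OK status lets the merge through."""
    return payload.get("projectStatus", {}).get("status") != "OK"

def failed_conditions(payload):
    """Return one dict per condition that put the gate into ERROR."""
    failures = []
    for cond in payload.get("projectStatus", {}).get("conditions", []):
        if cond.get("status") != "ERROR":
            continue
        failures.append({
            "metric": cond["metricKey"],
            "actual": float(cond["actualValue"]),
            "threshold": float(cond["errorThreshold"]),
            "direction": DIRECTION.get(cond.get("comparator"), "outside"),
        })
    return failures

def pr_comment_lines(payload):
    """Render the failures as specific, per-metric lines for a PR comment."""
    if not gate_blocks_merge(payload):
        return ["Quality gate passed"]
    lines = [
        f"{f['metric']}: {f['actual']:g} is {f['direction']} "
        f"the allowed {f['threshold']:g}"
        for f in failed_conditions(payload)
    ]
    # An ERROR (or missing) status with no failed condition still blocks.
    return lines or ["Quality gate did not report OK; see the analysis log"]

if __name__ == "__main__":
    print("\n".join(pr_comment_lines(SAMPLE)))
```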
Monitoring Dashboard
A real-time dashboard is essential for monitoring the health of the quality pipeline and
identifying problematic trends before they become critical. The dashboard must show both
current state and trends over time, allowing team leaders to make informed decisions
about AI code management.
Metrics to Display on the Dashboard
Gate Pass Rate: percentage of PRs that pass the quality gate on first attempt
Average Fix Time: average time to resolve a quality gate failure
Top Failing Rules: rules causing the most failures (identifies training needs)
AI vs Human Code Ratio: percentage of AI code per sprint
Defect Escape Rate: production bugs that passed quality gates
Pipeline Execution Time: pipeline duration to optimize feedback loops
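
Three of these metrics can be derived from nothing more than the history of gate runs per PR. The following added example (not from the original article) computes first-attempt Gate Pass Rate, Average Fix Time and Top Failing Rules; the record layout, rule ids and `dashboard_metrics` name are assumptions, and the runs are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed gate runs: (pr, ISO timestamp, passed, failing rule ids)
RUNS = [
    ("PR-1", "2025-01-06T09:00", False, ["coverage", "complexity"]),
    ("PR-1", "2025-01-06T11:30", True, []),
    ("PR-2", "2025-01-06T10:00", True, []),
    ("PR-3", "2025-01-07T14:00", False, ["coverage"]),
    ("PR-3", "2025-01-07T14:45", False, ["coverage"]),
    ("PR-3", "2025-01-07T16:30", True, []),
    ("PR-4", "2025-01-08T08:00", False, ["hardcoded_secret"]),
]

def dashboard_metrics(runs):
    """Aggregate gate runs into the dashboard figures."""
    by_pr = defaultdict(list)
    for pr, ts, passed, rules in runs:
        by_pr[pr].append((datetime.fromisoformat(ts), passed, rules))

    first_pass = 0
    fix_minutes = []
    failing = Counter()
    for attempts in by_pr.values():
        attempts.sort(key=lambda a: a[0])
        if attempts[0][1]:
            first_pass += 1
        else:
            # Fix time: first failure to first later pass; PRs that are
            # still failing are left out rather than counted as zero.
            fixed = next((t for t, ok, _ in attempts if ok), None)
            if fixed is not None:
                delta = fixed - attempts[0][0]
                fix_minutes.append(delta.total_seconds() / 60)
        for _, ok, rules in attempts:
            if not ok:
                failing.update(rules)

    return {
        "gate_pass_rate": round(100 * first_pass / len(by_pr), 1),
        "avg_fix_minutes": (sum(fix_minutes) / len(fix_minutes)
                            if fix_minutes else None),
        "top_failing_rules": failing.most_common(3),
    }

if __name__ == "__main__":
    print(dashboard_metrics(RUNS))
```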
Threshold Tuning and Calibration
Quality gate thresholds are not static. They must be calibrated over time based on actual
team and project data. Overly restrictive thresholds slow development and frustrate developers.
Overly permissive thresholds let low-quality code through. The recommended approach is to
start with moderate thresholds and progressively tighten them.
Conclusions
CI/CD guardrails are the pillar of quality automation for AI-generated code. Multi-level
quality gates, SonarQube configured with specific thresholds, policy as code with OPA and
automatic rejection with actionable feedback form a robust system that protects the codebase
without excessively slowing development.
In the next article we will delve into complexity assessment: cognitive load
metrics, Halstead metrics, architecture fitness functions and how to evaluate whether AI code
is increasing or reducing the overall system complexity.
Automation does not replace human judgment, but amplifies it. A well-designed guardrail system
frees developers from repetitive verification work, allowing them to focus on semantic and
architectural quality.