AI Writes the Code — But Who Controls It? The Hidden Risk of AI-Generated ERPNext

AI Can Write Code in Seconds. That’s the Problem.

We have been using AI tools in our ERPNext development workflow for over a year. They are genuinely useful — for boilerplate, for syntax lookups, for generating a starting point on a complex script.

But we have noticed a pattern — and we see it in other developers’ code too.

The more you rely on AI without understanding, the faster your code gets out of your control.

How It Starts

At first, it feels like speed. You ask for a server script to validate a field on the Employee DocType. The AI produces something that looks clean and works in testing. You ship it.

Then you ask for another script. And another. Each one generated, reviewed quickly, merged.

Six months later: you have a system full of code you did not fully write, do not fully understand, and cannot fully debug when something breaks at 2am because payroll is processing.

The Real Risk Is Not the Code — It’s the Understanding Gap

AI-generated code is not inherently bad. The risk is what happens when your understanding of your own system depends on the AI that generated it.

• You cannot optimize code you do not understand
• You cannot debug effectively without knowing the logic flow
• You cannot review a pull request if both the PR author and reviewer used AI to generate and check it
• You cannot architect the next phase if you are not sure how the current phase actually works

In ERPNext specifically, this is compounded by the framework’s complexity. Frappe has its own lifecycle, its own hooks, its own patterns. AI tools frequently generate ERPNext code that works in isolation but breaks the framework’s assumptions in subtle ways.

Our Rule: Pause, Question, Understand the Flow

Before we merge any AI-generated code — ours or a team member’s — we ask three questions:

• Can we explain exactly what this code does without reading the AI’s explanation?
• Do we know what happens when this code fails — and how it fails?
• Is this consistent with the architectural decisions already made for this system?

If the answer to any of these is no, the code does not merge yet.

AI as a Tool, Not a Developer

The developers who use AI most effectively are the ones who already understand what they are asking for. They use AI to move faster through work they could do themselves — not to skip the understanding entirely.

Control the code before code controls you. That applies whether the code was written by a developer, generated by AI, or — as is increasingly the case — some combination of both.