Code
The Code (or Implementation) phase is where the actual software construction takes place, with developers writing the code according to the design specifications created in the previous stage. This is typically the longest phase of the SDLC - and the one where good habits compound and bad habits create the most damage.
Development Environment
Before writing a single line of code, ensure the team has a consistent and productive development environment.
- Environment Setup: Configure , compilers, and necessary tools. Document the setup process so new team members can be productive within hours, not days.
- : Use containerised development environments (e.g. VS Code Dev Containers, GitHub Codespaces) to eliminate "works on my machine" problems.
- Environment Parity: Keep development, staging, and production environments as similar as possible. Differences between environments are a leading cause of deployment failures.
Branching Strategies
How you manage code branches directly affects your team's ability to collaborate and ship.
- : All developers commit directly to
main(or use very short-lived branches that merge within hours). Requires strong and . Minimises merge conflicts and enables continuous deployment. - : Feature branches off
main, merged via pull requests after review. Simple and effective for most teams. - : Long-lived
developandmainbranches with feature, release, and hotfix branches. More ceremony, suited to teams with formal release schedules.
By Company Stage
- Startup: Use trunk-based development or simple GitHub Flow. Ship from
mainas often as possible - ideally multiple times per day. Minimal ceremony, rapid iteration. One or two developers reviewing each other's code informally is sufficient. - Growth Stage: Adopt GitHub Flow with enforced pull request reviews. Introduce PR templates, (CODEOWNERS), and branch protection rules. Establish a style guide and shared coding standards. Two reviewers per PR becomes the norm.
- Established: Implement formal code review gates with required approvals from domain experts. Use architecture compliance checks in CI (e.g. ArchUnit, dependency-cruiser). Consider practices to allow cross-team contributions while maintaining quality standards.
Code Quality
Consistent code quality does not happen by accident - it requires intentional tooling and culture.
Coding Standards
- Define and enforce a team style guide. For most languages, adopt a widely-used community standard (e.g. Airbnb for JavaScript/TypeScript, PEP 8 for Python, Google style guides for Go/Java) rather than inventing your own.
- Configure tools (ESLint, Pylint, RuboCop) and formatters (Prettier, Black) to enforce standards automatically.
Pre-Commit Hooks
Use to catch issues before code ever reaches a pull request:
- Run linters and formatters
- Check for secrets or credentials accidentally committed
- Run fast unit tests
- Validate commit message format
Code Review
is one of the highest-leverage quality activities. Effective code review is not about catching syntax errors (that is what linters are for) - it is about:
- Validating the approach and design decisions
- Sharing knowledge across the team
- Catching logic errors and edge cases
- Ensuring code is maintainable and well-documented
Code Review Best Practices
- Keep PRs small - aim for under 400 lines of changes. Large PRs get rubber-stamped.
- Review within 24 hours - long review queues kill velocity.
- Be specific and kind - frame feedback as questions or suggestions, not commands.
- Use automated checks first - let catch style/lint issues so humans focus on logic and design.
Documentation as Code
- Inline Documentation: Write code comments that explain why, not what. The code itself should explain what it does.
- : Keep architecture decision records in the repository alongside the code they describe.
- API Documentation: Generate API docs from code annotations (JSDoc, Swagger/OpenAPI, Python docstrings) to keep documentation in sync with implementation.
Common Pitfalls
Anti-patterns to Avoid
- No Coding Standards: Without enforced standards, codebases become inconsistent and hard to navigate. New team members take longer to onboard and bugs hide in style inconsistency.
- PR Rubber-Stamping: Approving PRs without reading them defeats the purpose of review. If PRs are too large to review properly, they are too large - break them up.
- Poor Documentation: Code without context becomes legacy code. If you cannot explain why a decision was made, the next developer will either waste time understanding it or rewrite it.
- Gold Plating: Polishing code beyond what the requirement asks for. Ship it, learn from production feedback, then refine.
Development Key Deliverables
- Source Code (in version control)
- Unit Test Results
- Technical Documentation and ADRs
- Code Review Records
tip
During this phase, developers should be writing tests as they code to ensure the code is working as expected - integrating the next stage, Verify, as they develop the software.
info
How AI Can Help: Coding
AI has transitioned from a simple tool to an intelligent pair programmer:
- Predictive Coding: Several IDEs have now been developed with integrated AI that can provide context-aware code completions and can generate entire functions capabilities directly, including but not limited to Cursor, Claude Code and Antigravity. Other tools include GitHub Copilot, Amazon Q Developer, Sourcegraph, and JetBrains AI.
- Code Review: AI can review code and provide feedback on the code, including but not limited to Cursor's Bugbot, CodeRabbit, Greptile and Graphite.
- Security Scanning: Tools like Snyk and Veracode perform real-time security analysis as code is written, identifying vulnerabilities instantly.
- Documentation: AI can automatically generate docstrings and comments, keeping documentation in sync with code changes. This is often done automatically in the IDEs mentioned above.