Scaling Engineering with confidence: the role of AI, RAG and governance at iFood

How we connected documentation, AI and security to scale engineering at iFood

Introduction: the real challenge behind technical onboarding

In technology companies operating at scale, technical onboarding tends to be a sensitive point. The larger the organization, the greater the volume of standards, guides, architectural decisions, and security requirements that a developer needs to know before contributing with confidence.

At iFood, this challenge is no different. We operate with multiple platforms, dozens of engineering teams, and a technical ecosystem that evolves continuously. Historically, this has translated into a large volume of technical documentation, essential but distributed across different portals and contexts.

The problem is not in the existence of documentation. It arises when access to knowledge becomes a bottleneck for autonomy, especially in the first days of work, but also in the daily routine of those already working at the company. Every hour spent trying to locate standards or understand internal requirements is one less hour, generating real impact on the product.

The question that guided our work was direct: how to reduce the time between the need to implement a change and the delivery of code aligned with iFood’s standards, without compromising quality, security, or governance? Throughout this article, and through practical demonstrations, we show how we connected documentation, artificial intelligence, and engineering to address this challenge.

*Fragmented knowledge across different domains increases cognitive cost and reduces execution velocity in engineering*

The documentation exists, but the challenge is making it actionable. Today, iFood has robust documentation on:

Engineering and architecture standards;
Security and privacy guidelines;
Cloud, observability, and CI/CD best practices;
Internal platform specifications;
Guides for using artificial intelligence tools.

These materials are produced and maintained by the teams themselves, reflecting real engineering decisions. Still, for those arriving, there is a practical challenge: knowing where to look and how to connect this information to the context of a specific task.

Recognizing this “other side of the coin” was essential. The solution would not be to ask developers to read less documentation, but rather to change how knowledge is consumed.

Knowledge indexing and RAG: from reading to contextualization

The first step was to transform documentation into indexed and reusable knowledge. For this, we structured an architecture based on Retrieval-Augmented Generation (RAG), in which iFood’s main technical sources are indexed continuously.

In practice, this allows:

Relevant context to be retrieved dynamically, according to the question or task;
The correct knowledge to be presented at the right time;
The reader does not need to previously know the structure of the portals.

This approach reduces cognitive cost and brings documentation closer to the actual workflow. The focus shifts from “where is the information” to “how to apply this knowledge”.

*A single RAG pipeline connects curated knowledge sources to different consumers in the engineering workflow*

GenPlat: AI governance as part of engineering

This entire intelligence layer is orchestrated by iFood’s generative AI platform, called GenPlat. For those outside the context, it’s worth explaining: GenPlat functions as a centralized gateway for access to language models, whether proprietary or open source. If you’re curious to learn more about GenPlat, there’s an excellent post written by Igor Martinelli: https://medium.com/ifood-tech/genplat-a-plataforma-de-ia-generativa-do-ifood-8d5715015b4a

More than an integration point, GenPlat concentrates technical and security governance, including:

Consumption control and token usage limits;
Automatic treatment of personal data through anonymization;
Monitoring of usage, latency, and cost;
Detection of abuse attempts, such as prompt injection and jailbreak.

These mechanisms are not added later as external layers. They are part of the platform’s design and are developed by the engineering teams themselves, which ensures alignment between velocity, security, and compliance.

From a business perspective, this reduces operational risks and creates cost predictability. From a technical perspective, it eliminates the need for each team to solve the same problem in isolation.

*iFood’s Generative AI Platform – GenPlat*

Code agents as a meeting point between standard and practice

With indexed knowledge and established governance, the next step was to bring these capabilities to where code actually happens: development environments.

The code agents used at iFood are connected to both the knowledge base and GenPlat. This means they:

Recognize engineering patterns adopted by the company;
Incorporate security and privacy guidelines;
Contextualize responses based on the correct technical domain;
Assist in writing code aligned with internal practices.

The result is that a developer can, from day one, interact with the code of a real project and receive guidance aligned with the organization’s standards, without having to manually consult multiple documents.

It’s important to emphasize: this does not eliminate documentation. On the contrary. It becomes even more relevant, as it is actively used by the systems that support development.

The architecture presented so far materializes in daily work through tools that are already part of the development workflow. In the following video, we show how this model works in practice, both for people who are arriving and for those already working on mature applications.

Practical demonstrations: from day one to engineering at scale

To make these concepts more concrete, we prepared a practical video demonstration. It shows how the same knowledge base, combined with code agents and AI governance, supports both developers who are arriving and those who have been working at iFood for some time.

Demo: From “code found on the Internet” to iFood’s engineering standard

In our demonstration, we simulate a newly arrived developer solving a common problem: integrating a simple application with a language model.

The flow starts in the most traditional way possible. The developer searches the Internet for a simple Python example to consume the OpenAI API, copies the code snippet, and executes it locally in their development environment, such as PyCharm, an IDE widely adopted by the open source community and technology companies.

The result is a simple “hello world”, with direct interaction with the language model. Up to this point, nothing changes compared to what anyone would do outside of iFood.

The difference begins when this code needs to meet iFood’s internal engineering, security, and privacy standards. Instead of manually consulting multiple documentations, the person uses Copilot (or any other code agent, such as Claude Code or Cursor) integrated with Tompero Docs’ MCP, which provides contextualized access to iFood’s knowledge base, including technical standards, AI usage guidelines, and validated examples.

From this, the code agent automatically suggests:

replacing the provider’s direct endpoint with the GenPlat endpoint;
configuration adjustments aligned with engineering standards;
explicit activation of privacy controls.

The developer reviews the suggestion, understands the changes, and accepts the generated code.

In the final step of the demo, we show a critical governance point: the message sent to the model contains an email address. Before the prompt reaches the LLM provider, GenPlat applies the redaction process, automatically removing the personal data. The model never receives the sensitive information.

The result is functional code, aligned with iFood’s standards, with privacy applied by default, without the person having to manually implement these protections.

This scenario illustrates the principle that when documentation, AI, and governance are integrated into the development workflow, the standard ceases to be something that is consulted and becomes something that is applied.

A single knowledge base, multiple uses

An important learning from this process was realizing that the same knowledge base could be reused beyond development environments.

Today, this source also feeds:

An internal engineering support bot, used for quick clarification of doubts:

*Support Bot: The problem was resolved without the need for Production Support Team intervention*

The tompero ask command-line interface, which allows querying technical standards and guidelines directly from the terminal:

This reuse brings two clear benefits: consistency of responses and reduction of rework in maintaining multiple sources of information. For the business, this means scale. For the teams, it means trust.

Four essential lessons

Throughout this journey, some learnings stood out:

Documentation is more valuable when integrated into the workflow, not when isolated;
AI governance needs to be thought of as an engineering product, not as external control;
Reducing onboarding time is not just an efficiency gain, but also an engagement gain;
Well-designed security doesn’t slow down, it enables scale.

Although we are still evolving, we have already observed a significant reduction in the time needed for new people to contribute with productive code, in addition to greater adherence to technical standards from the beginning.

Less friction, more impact

At iFood, we believe that engineering quality and security should not depend exclusively on extensive reading or accumulated prior knowledge. They need to emerge from the tool ecosystem itself.

By connecting documentation, artificial intelligence, and governance in a single experience, we take an important step to make development more accessible, consistent, and scalable.

We continue working to expand the automation of knowledge source discovery and deepen transparency about our security mechanisms. Engineering continues to move forward. And, like any good platform in evolution, it remains in beta version.