Skip to main content

10 docs tagged with "code review"

View all tags

How AI and humans should split code review

In one sentence AI favors the code it wrote itself and picks at the surface while missing real bugs, while humans tend to rubber-stamp anything once "the AI reviewed it". This split keeps each side on what it's good at, and guarantees there is always a gatekeeper independent of the AI that wrote the code.

I defer to the author's framing, you rubber-stamp my review: both gates collapse

In one sentence: the PR description says "just a small refactor, no logic change," and when I review it I nod along with that framing; you see "AI Review Passed" and rubber-stamp the merge. Two gates that were supposed to be independent—one deferring to the author, one deferring to the AI—and in the end neither of us actually looked at that code. The review gate collapses into a conveyor belt.

I review by staring at the diff alone, blind to the context it touches

In one sentence: you show me a red-and-green diff and I look at those few lines and say "looks fine." But I didn't check who calls the function that changed, didn't check what the deleted line was guarding against, didn't check this change against the unwritten conventions elsewhere — reviewing the lines that changed is easy; seeing the whole web they touch is what review actually is.

Letting me review my own code: I systematically favor what I produced

In one sentence: you have me write a piece of code, then casually ask me to review it too—but the one who wrote it is me, and the one who pronounces it "fine" is also me. Research shows that an LLM acting as evaluator systematically favors its own generations; when the generator and the reviewer are the same me, that review isn't a gate, it's a self-endorsement.

Over-editing: you asked about one file, I changed five

In one sentence: you asked me to change one line of config, and along the way I renamed variables, refactored a nearby function, and touched two other files. The line you actually wanted is buried under changes you never asked for — a diff that should have sailed through review is now a high-risk overhaul.

Review checklist for AI-generated PRs

In one sentence I didn't actually run it, I quietly touched files you never asked about, I only covered the happy path, I skipped the auth check, I overwrote your work.

The comments and docs I write may not match the code

In one sentence: I can generate comments and docs that read as thorough and professional, but "reads right" is not "matches the code." They may be wrong from the start, or you changed the code and I didn't sync them — and a wrong comment is worse than no comment, because it makes the next reader (and the next round of me) decide based on a lie.

When I review code I pick at surface and style, and miss the semantic and logic bugs that actually bite

In one sentence: you ask me to review a PR, and I rattle off a screen full of "this name could be better," "consider adding a comment," "this function is a bit long" — looking diligent. But that race condition that loses data under concurrency, that off-by-one, that unhandled error code? I never mention them. Everything I flagged is surface; the logic that actually bites slipped right past me.

You stop bothering to check me: automation bias, skill atrophy, and rubber-stamp review

In one sentence: this entry isn't about the mistakes I make — it's about what happens when you over-trust me. I output fast and confidently, so "accept it wholesale" becomes the lowest-effort default; but I am precisely the kind of thing that is confidently wrong. Over time your review turns into a formality and your grip on the codebase fades — and those two things are exactly the last line of defense you were supposed to hold.