Skip to content
AI Primer
workflow

AI-code review thread compares pre-patch tests, agent reviewers, and human spot checks

Engineers debated review depth for AI-written code, from Matt Pocock’s seven-level scale to automated-plus-human review loops. The split was whether pre-patch test failures and deterministic tools add trust, or mock-heavy unit tests just add churn.

5 min read
AI-code review thread compares pre-patch tests, agent reviewers, and human spot checks
AI-code review thread compares pre-patch tests, agent reviewers, and human spot checks

TL;DR

Kilo Code's GLM-5.2 code-review post found prompt wording mattered more than reasoning depth on a harder planted-bug corpus. Simon Willison's sqlite-utils write-up said Claude Fable found five release blockers before a 4.0 stable release, including a delete_where() transaction bug. Plannotator 0.22.0 turned the same debate into product surface area, with guided reviews and new agent review providers.

Code-reading scale

The useful move was turning "read the code" into a review-depth ladder:

  1. Read every line of every diff.
  2. Scan every diff, review important lines.
  3. Ignore diffs, but understand the why of every PR.
  4. Spot-check PRs instead of reading every one.
  5. Ignore PRs, but regularly spot-check the codebase.
  6. Ignore code, but spot-check agent traces to improve the system.
  7. Ignore both code and system, and let models handle everything.

The follow-up reply put one current workflow at levels 4 and 5, with higher-stakes projects moving further up the ladder the 4-and-5 reply. The same thread assumed an automated reviewer before human review at every level the automated-review assumption.

Pre-patch tests

In the pre-patch test note, the Frontier Code rule penalized new tests unless they failed on the pre-patch code. That is the cleanest single idea in the thread because it targets vacuous tests, not just test volume.

The Warden self-review recap described the same failure mode in production review form: a regression test passed because a mocked render path threw before the guard check executed. The fix mocked the render path, asserted the second head fetch, mutation-tested deletion of canWrite(), and passed 1,762 tests.

Maintainability evals

The open eval target was maintainability. The maintainability-benchmark ask asked for a benchmark that scores code maintainability, while the verifier talk note pointed at better verifiers for software quality and maintainability.

The hardness ladder for evals was blunt:

  • Classifier evals: trivial.
  • Coding-agent evals: extremely hard.
  • Harness-agnostic skill evals: unbelievably hard.

The data-problem reply framed the gap as a data problem, not a token problem.

Test churn

The testing split was about whether cheap tests are still valuable when the agent can rewrite them. The zero-value tests complaint said models often substitute "does the code run at all" for unit tests, and the mock-heavy test example called generated mocks a waste of inference and compute.

The counter-position was narrower. The conformance-tests reply kept special attention on parser-style conformance tests, and the cheap-test-code reply argued that falling human overhead changes the value of imperfect tests.

Agent review loops

The posted workflows were already multi-agent. In the recursive Amp workflow, focused reviewers ran in parallel with amp --mode claude-fable-5 -x across six areas:

  1. Cancellation and billing edge cases.
  2. Credit-consumption logic.
  3. Feature-flag UI leakage.
  4. amp usage behavior.
  5. Workspace-admin management.
  6. Site-admin behavior.

The AI-against-intent reply described the method as checking correctness by having AI compare code against intent. The deterministic-tools reply described a heavier loop: agents review all code multiple times, deterministic tools evaluate it, and a human watches for trouble spots and design issues.

Verification cost

The cost argument was not about ordinary CI minutes. The side-projects-versus-Sentry reply said the gap now comes from company-scale verification agents and tooling that are not worth running on personal projects.

The QA-systems reply narrowed the issue to complicated QA systems, not free GitHub Actions. The agentic-review warning claimed that without agentic review systems, teams are shipping bad code because models do not consistently generate secure, correct, maintainable output.

Review benchmarks

Kilo Code's controlled test separated local bug finding from system-level review:

  • The simple-codebase result said GLM-5.2 caught every serious security bug in every run, scoring 13 to 15 of 16, with little prompt sensitivity.
  • The harder-codebase result said coverage dropped on subtler bugs, and request wording moved results more than extra reasoning.
  • The cross-route rule result said the model nailed local bugs but missed rules spread across routes, such as archived tasks leaking into search, exports, and overdue lists.
  • The best-run result put GLM-5.2's best hard-case run at 7 of 10, one finding behind Opus 4.8 and two behind GPT-5.5.

That lines up with the targeted-loop comment, which argued that some review failures need highly targeted benchmark loops rather than generic LLM code review.

Guided review UIs

Plannotator 0.22.0 shipped the code-review argument as interface design. The release post listed guided reviews with semantic overviews ordered by importance, local and PR change support, Pi and Copilot review providers, a default git status view, and a commits view with descriptions and changes.

The provider-panel follow-up added that custom review skills can be launched from the UI, with model selection exposed in the review agent panel.

Further reading

Discussion across the web

Where this story is being discussed, in original context.

On X· 7 threads
TL;DR2 posts
Code-reading scale2 posts
Maintainability evals3 posts
Test churn2 posts
Agent review loops1 post
Verification cost2 posts
Review benchmarks5 posts
·
Other sources· 1 post

sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25)

I wrote about the sqlite-utils 4.0rc1 release a couple of weeks ago. Since we only have Claude Fable on our Max subscriptions for a few more days, I decided to see if it could help me get to a 4.0 stable release that I felt truly comfortable about, since I try to keep to SemVer and like my incompatible major versions to be as rare as possible. I started with this prompt, in Claude Code for web on my iPhone: Final review before shipping a stable 4.0 release - very important to spot any last minute things that would be a breaking change if we fix them later Here's that initial report it created for me. There were some significant problems that I hadn't myself encountered yet - 5 that Fable categorized as "release blockers". Here's the worst of the bunch: 1. delete_where() never commits and poisons the connection (data loss) Table.delete_where() (sqlite_utils/db.py:2948) runs its DELETE via a bare self.db.execute() with no atomic() wrapper — compare Table.delete() at db.py:2944, which wraps correctly. The connection is left in_transaction=True, so every subsequent atomic() call takes the savepoint branch (db.py:430-440) and never commits either. Reproduced end-to-end: db = sqlite_utils.Database("dw.db") db["t"].insert_all([{"id": i} for i in range(3)], pk="id") db["t"].delete_where("id = ?", [0]) # conn.in_transaction is now True db["t"].insert({"id": 50}) db["u"].insert({"a": 1}) db.close() # Reopen: rows are [0, 1, 2] — the delete, row 50, AND table u are all gone. That's a re

Share on X