[{"data":1,"prerenderedAt":1413},["ShallowReactive",2],{"blog:\u002Fblog\u002F2026-05-03-ai-code-review-patterns-worth-stealing":3},{"id":4,"title":5,"body":6,"date":1404,"description":12,"extension":1405,"image":1406,"meta":1407,"navigation":278,"path":1408,"seo":1409,"stem":1410,"summary":1411,"__hash__":1412},"blog\u002Fblog\u002F2026-05-03-ai-code-review-patterns-worth-stealing.md","AI Code Review: Four Pipelines Worth Stealing",{"type":7,"value":8,"toc":1394},"minimark",[9,13,37,44,49,60,75,88,92,103,110,128,132,151,165,179,183,210,227,242,245,253,256,1225,1229,1232,1361,1365,1377,1390],[10,11,12],"p",{},"If you squint at the ecosystem long enough, four distinct “species” of automated review emerge. They are not interchangeable: each one bakes in a different theory of what a good review is.",[10,14,15,19,20,23,24,27,28,31,32,36],{},[16,17,18],"strong",{},"Codex"," optimizes for a strict rubric and output shape: severity bands, line-grounded claims, and a final verdict tied to the diff. ",[16,21,22],{},"Claude Code"," pushes toward a fleet of specialized reviewers plus an explicit false-positive filter. ",[16,25,26],{},"Gemini’s code-review path"," hard-enforces changed-line discipline so noise does not spill across untouched code. ",[16,29,30],{},"Cursor-flavored CI"," tends toward a practical contract: fixed artifacts (",[33,34,35],"code",{},"review.md",", JSON comments, verdict files) that humans and scripts can consume.",[10,38,39,40,43],{},"The point is not brand loyalty. The point is to ",[16,41,42],{},"compose",": steal the skeleton that matches your failure mode, then wire it into whatever agent or Action you already run.",[45,46,48],"h2",{"id":47},"codex-the-baseline-rubric","Codex: the baseline rubric",[10,50,51,52,55,56,59],{},"OpenAI’s Codex ships a ",[33,53,54],{},"review_prompt.md"," that is unusually explicit about scope control. It asks reviewers to flag only issues that materially affect correctness, performance, security, or maintainability; only what the diff introduces; no speculation and no pre-existing noise. It also insists you ",[16,57,58],{},"do not stop at the first finding","—a direct counter to the lazy “one nit and done” failure mode.",[10,61,62,63,66,67,70,71,74],{},"The output shape is worth copying even if you never run Codex: ",[16,64,65],{},"P0–P3",", short titles, tight line ranges that overlap the diff, and a closing verdict (",[33,68,69],{},"patch is correct"," \u002F ",[33,72,73],{},"incorrect",") with confidence. That structure forces the model to argue like an engineer, not like a chatbot.",[10,76,77,78],{},"Source: ",[79,80,84,85],"a",{"href":81,"rel":82},"https:\u002F\u002Fgithub.com\u002Fopenai\u002Fcodex\u002Fblob\u002Fmain\u002Fcodex-rs\u002Fcore\u002Freview_prompt.md",[83],"nofollow","openai\u002Fcodex ",[33,86,87],{},"codex-rs\u002Fcore\u002Freview_prompt.md",[45,89,91],{"id":90},"claude-code-multi-agent-review-with-validation","Claude Code: multi-agent review with validation",[10,93,94,95,98,99,102],{},"Claude’s documented code-review flow behaves like a ",[16,96,97],{},"fleet",": multiple passes over the diff and broader codebase, then a separate verification step aimed at stripping false positives, deduplicating findings, and ranking what remains. In the open plugin material, the pattern is even clearer—parallel agents checking repo instructions versus hunting bugs, then subagents that try to ",[16,100,101],{},"invalidate"," each candidate finding. False positives are treated as actively harmful, which is the right incentive gradient for automation at scale.",[10,104,105,106,109],{},"If your reviews feel “smart but noisy,” this is the half to steal: ",[16,107,108],{},"generate candidates generously, then run a dedicated disproof pass"," before anything touches a human.",[10,111,112,113,118,119],{},"Sources: ",[79,114,117],{"href":115,"rel":116},"https:\u002F\u002Fcode.claude.com\u002Fdocs\u002Fen\u002Fcode-review",[83],"Code Review — Claude Code Docs",", ",[79,120,123,124,127],{"href":121,"rel":122},"https:\u002F\u002Fraw.githubusercontent.com\u002Fanthropics\u002Fclaude-code\u002Fmain\u002Fplugins\u002Fcode-review\u002Fcommands\u002Fcode-review.md",[83],"Anthropic ",[33,125,126],{},"plugins\u002Fcode-review"," command",[45,129,131],{"id":130},"gemini-cli-changed-line-guardrails","Gemini CLI: changed-line guardrails",[10,133,134,135,138,139,142,143,146,147,150],{},"The Gemini code-review extension exposes ",[33,136,137],{},"\u002Fcode-review"," and ",[33,140,141],{},"\u002Fpr-code-review",". The PR-oriented path pulls metadata plus the diff, activates shared ",[33,144,145],{},"code-review-commons",", can add inline comments, and submits the result as ",[16,148,149],{},"COMMENT","—not an automatic approve or request-changes stance, which keeps the human gate intact.",[10,152,153,154,157,158,70,161,164],{},"The shared skill is the sharp bit: understand intent first, read changed files and the diff, go deeper on application logic when needed, but ",[16,155,156],{},"only attach comments to lines that actually changed"," (",[33,159,160],{},"+",[33,162,163],{},"-","). That single rule removes a staggering amount of drive-by commentary.",[10,166,112,167,118,172],{},[79,168,171],{"href":169,"rel":170},"https:\u002F\u002Fraw.githubusercontent.com\u002Fgemini-cli-extensions\u002Fcode-review\u002Fmain\u002FREADME.md",[83],"gemini-cli-extensions\u002Fcode-review README",[79,173,176,178],{"href":174,"rel":175},"https:\u002F\u002Fraw.githubusercontent.com\u002Fgemini-cli-extensions\u002Fcode-review\u002Fmain\u002Fskills\u002Fcode-review-commons\u002FSKILL.md",[83],[33,177,145],{}," skill",[45,180,182],{"id":181},"cursor-and-ci-artifacts-as-the-contract","Cursor and CI: artifacts as the contract",[10,184,185,186,189,190,193,194,118,199,203,204,209],{},"There is no single “canonical Cursor review prompt” in the same sense as the files above, but public workflows show a repeatable shape. Streamlit’s workflow drives ",[33,187,188],{},"cursor-agent"," with PR context from ",[33,191,192],{},"gh",", asks for ",[16,195,196],{},[33,197,198],{},"inline_comments.json",[16,200,201],{},[33,202,35],{},", and ",[16,205,206],{},[33,207,208],{},"verdict.txt",", then publishes those artifacts. Separating “narrative review” from “machine-ingestible comments” from “merge verdict” is boring engineering—and therefore robust.",[10,211,212,213,118,216,203,219,222,223,226],{},"AutoAgent pushes the same idea further: one Action can orchestrate Cursor, Claude, Gemini, Codex, and others, with prompt templates such as ",[33,214,215],{},"base.prompt",[33,217,218],{},"code-review.prompt",[33,220,221],{},"comment.prompt"," checked into the repo. Your review becomes ",[16,224,225],{},"versioned infrastructure",", not a one-off chat.",[10,228,112,229,118,237],{},[79,230,233,234],{"href":231,"rel":232},"https:\u002F\u002Fgithub.com\u002Fstreamlit\u002Fstreamlit\u002Fblob\u002Fdevelop\u002F.github\u002Fworkflows\u002Fai-pr-review.yml",[83],"Streamlit ",[33,235,236],{},"ai-pr-review.yml",[79,238,241],{"href":239,"rel":240},"https:\u002F\u002Fgithub.com\u002Ferans\u002Fautoagent-action",[83],"erans\u002Fautoagent-action",[243,244],"hr",{},[45,246,248,249,252],{"id":247},"ready-to-use-prompt-save-as-reviewpromptmd","Ready-to-use prompt (save as ",[33,250,251],{},"review.prompt.md",")",[10,254,255],{},"Use this as the long-form default. It is strict about evidence, forbids polite summarization as a substitute for analysis, and requires multiple passes before the final answer.",[257,258,263],"pre",{"className":259,"code":260,"language":261,"meta":262,"style":262},"language-markdown shiki shiki-themes github-light github-dark","You are a senior code reviewer reviewing a proposed code change.\n\nYour job is NOT to summarize politely.\nYour job is to find real, actionable defects introduced by this change.\n\n## Review target\n\nReview the current change against the intended base branch.\n\nIf this is a PR:\n- Read the PR title\u002Fbody\u002Fmetadata if available.\n- Inspect the changed files and unified diff.\n- Use `gh pr diff`, `gh pr view`, and `git diff` as needed.\n\nIf this is local work:\n- Inspect staged, unstaged, and untracked changes.\n- Use:\n  - `git status --porcelain`\n  - `git diff`\n  - `git diff --staged`\n  - `git ls-files --others --exclude-standard`\n\nBefore judging, identify:\n1. The apparent intent of the change.\n2. The changed files.\n3. The contracts touched: APIs, schemas, DTOs, storage, async flows, validation, metrics, gates, configs, migrations, and external behavior.\n\n## Mandatory context pass\n\nRead only the context needed to validate the changed behavior:\n- Repository instructions: `AGENTS.md`, `CLAUDE.md`, `GEMINI.md`, `REVIEW.md`, or equivalent if present.\n- Files directly changed.\n- Files imported by or structurally adjacent to changed files when needed to validate behavior.\n- Relevant type definitions, config registries, tests, schemas, and call sites.\n\nDo not do broad unrelated codebase auditing.\n\n## What to flag\n\nFlag an issue only if ALL are true:\n\n1. It was introduced or made materially worse by this change.\n2. It has a provable impact on correctness, runtime behavior, data integrity, security, performance, operational safety, API\u002Fschema contract, or long-term maintainability.\n3. It is discrete and actionable.\n4. The author would likely fix it if they understood it.\n5. You can cite the exact file and minimal line range.\n6. The finding does not rely on unstated assumptions about intent.\n\nDo not flag:\n- Pre-existing issues.\n- Generic style opinions.\n- Formatting\u002Flint\u002Ftype issues that CI or compiler would catch, unless the breakage is central to the review.\n- Unused code, unused variables, extra touched files, or scope noise unless they cause a real behavioral\u002Flogic problem.\n- Missing tests as a standalone issue unless the change creates an unvalidated contract or critical regression risk.\n- “Consider”, “ensure”, “verify”, or vague advice without a concrete defect.\n- Anything you cannot validate with code evidence.\n\n## Deep analysis requirements\n\nPerform these passes before producing the final answer:\n\n### Pass 1 — Intent and surface area\nUnderstand what the change is trying to do and which behavior should remain invariant.\n\n### Pass 2 — Correctness\nTrace the changed logic through real call paths.\nLook for:\n- inverted conditions\n- missing gates\n- wrong defaults\n- stale assumptions\n- off-by-one errors\n- bad null\u002Fundefined handling\n- incorrect fallback semantics\n- silent degradation that hides broken data\n- async\u002Frace\u002Forder-of-operations bugs\n- broken enum\u002Fstring discriminants\n- schema\u002FAPI\u002Fcontract mismatch\n- metrics or observability lying about state\n\n### Pass 3 — Integration\u002Fcontracts\nCheck whether producers and consumers still agree:\n- DTOs \u002F Zod \u002F OpenAPI \u002F protobuf \u002F DB schema\n- config keys \u002F registry dispatch\n- event names \u002F metric labels\n- feature flags \u002F defaults\n- backwards compatibility\n- migrations and rollback safety\n\n### Pass 4 — Operational risk\nLook for bugs that create:\n- false positives \u002F false negatives\n- silent skips\n- misleading “success”\n- bad fallbacks\n- degraded alerting\n- production-only failure modes\n- expensive loops \u002F N+1 \u002F memory pressure\n- security or permission regression\n\n### Pass 5 — Finding validation\nFor every candidate finding, try to disprove it.\nKeep it only if it survives validation.\nIf confidence is below 0.75, drop it or mark it as a non-blocking question only if it is genuinely important.\n\nDo not stop after the first issue.\nReturn every qualifying issue.\n\n## Severity\n\nUse:\n\n- [P0] Release\u002Fops blocking. Universal severe failure.\n- [P1] Urgent. Likely production or correctness regression.\n- [P2] Normal. Real defect worth fixing.\n- [P3] Low. Minor but concrete issue.\n\nDo not inflate severity.\nFalse positives are worse than silence.\n\n## Output format\n\nReturn only the final review. No hidden reasoning transcript.\n\nUse this structure:\n\n# Review scope\n- Base\u002Ftarget inspected:\n- Changed files reviewed:\n- Extra context read:\n\n# Findings\n\nIf no qualifying findings:\n`No qualifying findings. Patch appears correct under the reviewed scope.`\n\nOtherwise, for each finding:\n\n## [P?] Short imperative title\n\n**Location:** `path\u002Fto\u002Ffile.ts:Lx-Ly`\n**Confidence:** 0.xx\n**Why this is a problem:** One concise paragraph explaining the concrete failure mode.\n**Scenario:** The specific input\u002Fstate\u002Fpath where it breaks.\n**Recommended fix:** Concrete action. Include a tiny code suggestion only if it fully fixes the issue.\n\n# Human reviewer callouts (non-blocking)\n\nInclude only applicable items:\n- Database migration \u002F irreversible operation\n- Dependency or lockfile change\n- Auth\u002Fpermission behavior change\n- Public API\u002Fschema\u002Fcontract change\n- Observability\u002Fmetrics semantics change\n- Backwards compatibility risk\n- Operational rollout risk\n\nIf none:\n- (none)\n\n# Verdict\n\n`correct` if there are no blocking correctness\u002Fsecurity\u002Fcontract issues.\n`needs attention` if at least one P0\u002FP1\u002FP2 finding should be fixed before merge.\n\nAdd a 1–3 sentence explanation.\n","markdown","",[33,264,265,273,280,286,292,297,303,308,314,319,325,331,337,343,348,354,360,366,372,378,384,390,395,401,407,413,419,424,430,435,441,447,453,459,465,470,476,481,487,492,498,503,509,515,521,527,533,539,544,550,556,562,568,574,580,586,592,597,603,608,614,619,625,631,636,642,648,654,660,666,672,678,684,690,696,702,708,714,720,726,731,737,743,749,755,761,767,773,779,784,790,796,802,808,814,820,826,832,838,844,849,855,861,867,873,878,884,890,895,901,906,912,917,923,929,935,941,946,952,958,963,969,974,980,985,991,996,1002,1008,1014,1020,1025,1031,1036,1042,1048,1053,1059,1064,1070,1075,1081,1087,1093,1099,1105,1110,1116,1121,1127,1133,1139,1145,1151,1157,1163,1169,1174,1180,1186,1191,1197,1202,1208,1214,1219],{"__ignoreMap":262},[266,267,270],"span",{"class":268,"line":269},"line",1,[266,271,272],{},"You are a senior code reviewer reviewing a proposed code change.\n",[266,274,276],{"class":268,"line":275},2,[266,277,279],{"emptyLinePlaceholder":278},true,"\n",[266,281,283],{"class":268,"line":282},3,[266,284,285],{},"Your job is NOT to summarize politely.\n",[266,287,289],{"class":268,"line":288},4,[266,290,291],{},"Your job is to find real, actionable defects introduced by this change.\n",[266,293,295],{"class":268,"line":294},5,[266,296,279],{"emptyLinePlaceholder":278},[266,298,300],{"class":268,"line":299},6,[266,301,302],{},"## Review target\n",[266,304,306],{"class":268,"line":305},7,[266,307,279],{"emptyLinePlaceholder":278},[266,309,311],{"class":268,"line":310},8,[266,312,313],{},"Review the current change against the intended base branch.\n",[266,315,317],{"class":268,"line":316},9,[266,318,279],{"emptyLinePlaceholder":278},[266,320,322],{"class":268,"line":321},10,[266,323,324],{},"If this is a PR:\n",[266,326,328],{"class":268,"line":327},11,[266,329,330],{},"- Read the PR title\u002Fbody\u002Fmetadata if available.\n",[266,332,334],{"class":268,"line":333},12,[266,335,336],{},"- Inspect the changed files and unified diff.\n",[266,338,340],{"class":268,"line":339},13,[266,341,342],{},"- Use `gh pr diff`, `gh pr view`, and `git diff` as needed.\n",[266,344,346],{"class":268,"line":345},14,[266,347,279],{"emptyLinePlaceholder":278},[266,349,351],{"class":268,"line":350},15,[266,352,353],{},"If this is local work:\n",[266,355,357],{"class":268,"line":356},16,[266,358,359],{},"- Inspect staged, unstaged, and untracked changes.\n",[266,361,363],{"class":268,"line":362},17,[266,364,365],{},"- Use:\n",[266,367,369],{"class":268,"line":368},18,[266,370,371],{},"  - `git status --porcelain`\n",[266,373,375],{"class":268,"line":374},19,[266,376,377],{},"  - `git diff`\n",[266,379,381],{"class":268,"line":380},20,[266,382,383],{},"  - `git diff --staged`\n",[266,385,387],{"class":268,"line":386},21,[266,388,389],{},"  - `git ls-files --others --exclude-standard`\n",[266,391,393],{"class":268,"line":392},22,[266,394,279],{"emptyLinePlaceholder":278},[266,396,398],{"class":268,"line":397},23,[266,399,400],{},"Before judging, identify:\n",[266,402,404],{"class":268,"line":403},24,[266,405,406],{},"1. The apparent intent of the change.\n",[266,408,410],{"class":268,"line":409},25,[266,411,412],{},"2. The changed files.\n",[266,414,416],{"class":268,"line":415},26,[266,417,418],{},"3. The contracts touched: APIs, schemas, DTOs, storage, async flows, validation, metrics, gates, configs, migrations, and external behavior.\n",[266,420,422],{"class":268,"line":421},27,[266,423,279],{"emptyLinePlaceholder":278},[266,425,427],{"class":268,"line":426},28,[266,428,429],{},"## Mandatory context pass\n",[266,431,433],{"class":268,"line":432},29,[266,434,279],{"emptyLinePlaceholder":278},[266,436,438],{"class":268,"line":437},30,[266,439,440],{},"Read only the context needed to validate the changed behavior:\n",[266,442,444],{"class":268,"line":443},31,[266,445,446],{},"- Repository instructions: `AGENTS.md`, `CLAUDE.md`, `GEMINI.md`, `REVIEW.md`, or equivalent if present.\n",[266,448,450],{"class":268,"line":449},32,[266,451,452],{},"- Files directly changed.\n",[266,454,456],{"class":268,"line":455},33,[266,457,458],{},"- Files imported by or structurally adjacent to changed files when needed to validate behavior.\n",[266,460,462],{"class":268,"line":461},34,[266,463,464],{},"- Relevant type definitions, config registries, tests, schemas, and call sites.\n",[266,466,468],{"class":268,"line":467},35,[266,469,279],{"emptyLinePlaceholder":278},[266,471,473],{"class":268,"line":472},36,[266,474,475],{},"Do not do broad unrelated codebase auditing.\n",[266,477,479],{"class":268,"line":478},37,[266,480,279],{"emptyLinePlaceholder":278},[266,482,484],{"class":268,"line":483},38,[266,485,486],{},"## What to flag\n",[266,488,490],{"class":268,"line":489},39,[266,491,279],{"emptyLinePlaceholder":278},[266,493,495],{"class":268,"line":494},40,[266,496,497],{},"Flag an issue only if ALL are true:\n",[266,499,501],{"class":268,"line":500},41,[266,502,279],{"emptyLinePlaceholder":278},[266,504,506],{"class":268,"line":505},42,[266,507,508],{},"1. It was introduced or made materially worse by this change.\n",[266,510,512],{"class":268,"line":511},43,[266,513,514],{},"2. It has a provable impact on correctness, runtime behavior, data integrity, security, performance, operational safety, API\u002Fschema contract, or long-term maintainability.\n",[266,516,518],{"class":268,"line":517},44,[266,519,520],{},"3. It is discrete and actionable.\n",[266,522,524],{"class":268,"line":523},45,[266,525,526],{},"4. The author would likely fix it if they understood it.\n",[266,528,530],{"class":268,"line":529},46,[266,531,532],{},"5. You can cite the exact file and minimal line range.\n",[266,534,536],{"class":268,"line":535},47,[266,537,538],{},"6. The finding does not rely on unstated assumptions about intent.\n",[266,540,542],{"class":268,"line":541},48,[266,543,279],{"emptyLinePlaceholder":278},[266,545,547],{"class":268,"line":546},49,[266,548,549],{},"Do not flag:\n",[266,551,553],{"class":268,"line":552},50,[266,554,555],{},"- Pre-existing issues.\n",[266,557,559],{"class":268,"line":558},51,[266,560,561],{},"- Generic style opinions.\n",[266,563,565],{"class":268,"line":564},52,[266,566,567],{},"- Formatting\u002Flint\u002Ftype issues that CI or compiler would catch, unless the breakage is central to the review.\n",[266,569,571],{"class":268,"line":570},53,[266,572,573],{},"- Unused code, unused variables, extra touched files, or scope noise unless they cause a real behavioral\u002Flogic problem.\n",[266,575,577],{"class":268,"line":576},54,[266,578,579],{},"- Missing tests as a standalone issue unless the change creates an unvalidated contract or critical regression risk.\n",[266,581,583],{"class":268,"line":582},55,[266,584,585],{},"- “Consider”, “ensure”, “verify”, or vague advice without a concrete defect.\n",[266,587,589],{"class":268,"line":588},56,[266,590,591],{},"- Anything you cannot validate with code evidence.\n",[266,593,595],{"class":268,"line":594},57,[266,596,279],{"emptyLinePlaceholder":278},[266,598,600],{"class":268,"line":599},58,[266,601,602],{},"## Deep analysis requirements\n",[266,604,606],{"class":268,"line":605},59,[266,607,279],{"emptyLinePlaceholder":278},[266,609,611],{"class":268,"line":610},60,[266,612,613],{},"Perform these passes before producing the final answer:\n",[266,615,617],{"class":268,"line":616},61,[266,618,279],{"emptyLinePlaceholder":278},[266,620,622],{"class":268,"line":621},62,[266,623,624],{},"### Pass 1 — Intent and surface area\n",[266,626,628],{"class":268,"line":627},63,[266,629,630],{},"Understand what the change is trying to do and which behavior should remain invariant.\n",[266,632,634],{"class":268,"line":633},64,[266,635,279],{"emptyLinePlaceholder":278},[266,637,639],{"class":268,"line":638},65,[266,640,641],{},"### Pass 2 — Correctness\n",[266,643,645],{"class":268,"line":644},66,[266,646,647],{},"Trace the changed logic through real call paths.\n",[266,649,651],{"class":268,"line":650},67,[266,652,653],{},"Look for:\n",[266,655,657],{"class":268,"line":656},68,[266,658,659],{},"- inverted conditions\n",[266,661,663],{"class":268,"line":662},69,[266,664,665],{},"- missing gates\n",[266,667,669],{"class":268,"line":668},70,[266,670,671],{},"- wrong defaults\n",[266,673,675],{"class":268,"line":674},71,[266,676,677],{},"- stale assumptions\n",[266,679,681],{"class":268,"line":680},72,[266,682,683],{},"- off-by-one errors\n",[266,685,687],{"class":268,"line":686},73,[266,688,689],{},"- bad null\u002Fundefined handling\n",[266,691,693],{"class":268,"line":692},74,[266,694,695],{},"- incorrect fallback semantics\n",[266,697,699],{"class":268,"line":698},75,[266,700,701],{},"- silent degradation that hides broken data\n",[266,703,705],{"class":268,"line":704},76,[266,706,707],{},"- async\u002Frace\u002Forder-of-operations bugs\n",[266,709,711],{"class":268,"line":710},77,[266,712,713],{},"- broken enum\u002Fstring discriminants\n",[266,715,717],{"class":268,"line":716},78,[266,718,719],{},"- schema\u002FAPI\u002Fcontract mismatch\n",[266,721,723],{"class":268,"line":722},79,[266,724,725],{},"- metrics or observability lying about state\n",[266,727,729],{"class":268,"line":728},80,[266,730,279],{"emptyLinePlaceholder":278},[266,732,734],{"class":268,"line":733},81,[266,735,736],{},"### Pass 3 — Integration\u002Fcontracts\n",[266,738,740],{"class":268,"line":739},82,[266,741,742],{},"Check whether producers and consumers still agree:\n",[266,744,746],{"class":268,"line":745},83,[266,747,748],{},"- DTOs \u002F Zod \u002F OpenAPI \u002F protobuf \u002F DB schema\n",[266,750,752],{"class":268,"line":751},84,[266,753,754],{},"- config keys \u002F registry dispatch\n",[266,756,758],{"class":268,"line":757},85,[266,759,760],{},"- event names \u002F metric labels\n",[266,762,764],{"class":268,"line":763},86,[266,765,766],{},"- feature flags \u002F defaults\n",[266,768,770],{"class":268,"line":769},87,[266,771,772],{},"- backwards compatibility\n",[266,774,776],{"class":268,"line":775},88,[266,777,778],{},"- migrations and rollback safety\n",[266,780,782],{"class":268,"line":781},89,[266,783,279],{"emptyLinePlaceholder":278},[266,785,787],{"class":268,"line":786},90,[266,788,789],{},"### Pass 4 — Operational risk\n",[266,791,793],{"class":268,"line":792},91,[266,794,795],{},"Look for bugs that create:\n",[266,797,799],{"class":268,"line":798},92,[266,800,801],{},"- false positives \u002F false negatives\n",[266,803,805],{"class":268,"line":804},93,[266,806,807],{},"- silent skips\n",[266,809,811],{"class":268,"line":810},94,[266,812,813],{},"- misleading “success”\n",[266,815,817],{"class":268,"line":816},95,[266,818,819],{},"- bad fallbacks\n",[266,821,823],{"class":268,"line":822},96,[266,824,825],{},"- degraded alerting\n",[266,827,829],{"class":268,"line":828},97,[266,830,831],{},"- production-only failure modes\n",[266,833,835],{"class":268,"line":834},98,[266,836,837],{},"- expensive loops \u002F N+1 \u002F memory pressure\n",[266,839,841],{"class":268,"line":840},99,[266,842,843],{},"- security or permission regression\n",[266,845,847],{"class":268,"line":846},100,[266,848,279],{"emptyLinePlaceholder":278},[266,850,852],{"class":268,"line":851},101,[266,853,854],{},"### Pass 5 — Finding validation\n",[266,856,858],{"class":268,"line":857},102,[266,859,860],{},"For every candidate finding, try to disprove it.\n",[266,862,864],{"class":268,"line":863},103,[266,865,866],{},"Keep it only if it survives validation.\n",[266,868,870],{"class":268,"line":869},104,[266,871,872],{},"If confidence is below 0.75, drop it or mark it as a non-blocking question only if it is genuinely important.\n",[266,874,876],{"class":268,"line":875},105,[266,877,279],{"emptyLinePlaceholder":278},[266,879,881],{"class":268,"line":880},106,[266,882,883],{},"Do not stop after the first issue.\n",[266,885,887],{"class":268,"line":886},107,[266,888,889],{},"Return every qualifying issue.\n",[266,891,893],{"class":268,"line":892},108,[266,894,279],{"emptyLinePlaceholder":278},[266,896,898],{"class":268,"line":897},109,[266,899,900],{},"## Severity\n",[266,902,904],{"class":268,"line":903},110,[266,905,279],{"emptyLinePlaceholder":278},[266,907,909],{"class":268,"line":908},111,[266,910,911],{},"Use:\n",[266,913,915],{"class":268,"line":914},112,[266,916,279],{"emptyLinePlaceholder":278},[266,918,920],{"class":268,"line":919},113,[266,921,922],{},"- [P0] Release\u002Fops blocking. Universal severe failure.\n",[266,924,926],{"class":268,"line":925},114,[266,927,928],{},"- [P1] Urgent. Likely production or correctness regression.\n",[266,930,932],{"class":268,"line":931},115,[266,933,934],{},"- [P2] Normal. Real defect worth fixing.\n",[266,936,938],{"class":268,"line":937},116,[266,939,940],{},"- [P3] Low. Minor but concrete issue.\n",[266,942,944],{"class":268,"line":943},117,[266,945,279],{"emptyLinePlaceholder":278},[266,947,949],{"class":268,"line":948},118,[266,950,951],{},"Do not inflate severity.\n",[266,953,955],{"class":268,"line":954},119,[266,956,957],{},"False positives are worse than silence.\n",[266,959,961],{"class":268,"line":960},120,[266,962,279],{"emptyLinePlaceholder":278},[266,964,966],{"class":268,"line":965},121,[266,967,968],{},"## Output format\n",[266,970,972],{"class":268,"line":971},122,[266,973,279],{"emptyLinePlaceholder":278},[266,975,977],{"class":268,"line":976},123,[266,978,979],{},"Return only the final review. No hidden reasoning transcript.\n",[266,981,983],{"class":268,"line":982},124,[266,984,279],{"emptyLinePlaceholder":278},[266,986,988],{"class":268,"line":987},125,[266,989,990],{},"Use this structure:\n",[266,992,994],{"class":268,"line":993},126,[266,995,279],{"emptyLinePlaceholder":278},[266,997,999],{"class":268,"line":998},127,[266,1000,1001],{},"# Review scope\n",[266,1003,1005],{"class":268,"line":1004},128,[266,1006,1007],{},"- Base\u002Ftarget inspected:\n",[266,1009,1011],{"class":268,"line":1010},129,[266,1012,1013],{},"- Changed files reviewed:\n",[266,1015,1017],{"class":268,"line":1016},130,[266,1018,1019],{},"- Extra context read:\n",[266,1021,1023],{"class":268,"line":1022},131,[266,1024,279],{"emptyLinePlaceholder":278},[266,1026,1028],{"class":268,"line":1027},132,[266,1029,1030],{},"# Findings\n",[266,1032,1034],{"class":268,"line":1033},133,[266,1035,279],{"emptyLinePlaceholder":278},[266,1037,1039],{"class":268,"line":1038},134,[266,1040,1041],{},"If no qualifying findings:\n",[266,1043,1045],{"class":268,"line":1044},135,[266,1046,1047],{},"`No qualifying findings. Patch appears correct under the reviewed scope.`\n",[266,1049,1051],{"class":268,"line":1050},136,[266,1052,279],{"emptyLinePlaceholder":278},[266,1054,1056],{"class":268,"line":1055},137,[266,1057,1058],{},"Otherwise, for each finding:\n",[266,1060,1062],{"class":268,"line":1061},138,[266,1063,279],{"emptyLinePlaceholder":278},[266,1065,1067],{"class":268,"line":1066},139,[266,1068,1069],{},"## [P?] Short imperative title\n",[266,1071,1073],{"class":268,"line":1072},140,[266,1074,279],{"emptyLinePlaceholder":278},[266,1076,1078],{"class":268,"line":1077},141,[266,1079,1080],{},"**Location:** `path\u002Fto\u002Ffile.ts:Lx-Ly`\n",[266,1082,1084],{"class":268,"line":1083},142,[266,1085,1086],{},"**Confidence:** 0.xx\n",[266,1088,1090],{"class":268,"line":1089},143,[266,1091,1092],{},"**Why this is a problem:** One concise paragraph explaining the concrete failure mode.\n",[266,1094,1096],{"class":268,"line":1095},144,[266,1097,1098],{},"**Scenario:** The specific input\u002Fstate\u002Fpath where it breaks.\n",[266,1100,1102],{"class":268,"line":1101},145,[266,1103,1104],{},"**Recommended fix:** Concrete action. Include a tiny code suggestion only if it fully fixes the issue.\n",[266,1106,1108],{"class":268,"line":1107},146,[266,1109,279],{"emptyLinePlaceholder":278},[266,1111,1113],{"class":268,"line":1112},147,[266,1114,1115],{},"# Human reviewer callouts (non-blocking)\n",[266,1117,1119],{"class":268,"line":1118},148,[266,1120,279],{"emptyLinePlaceholder":278},[266,1122,1124],{"class":268,"line":1123},149,[266,1125,1126],{},"Include only applicable items:\n",[266,1128,1130],{"class":268,"line":1129},150,[266,1131,1132],{},"- Database migration \u002F irreversible operation\n",[266,1134,1136],{"class":268,"line":1135},151,[266,1137,1138],{},"- Dependency or lockfile change\n",[266,1140,1142],{"class":268,"line":1141},152,[266,1143,1144],{},"- Auth\u002Fpermission behavior change\n",[266,1146,1148],{"class":268,"line":1147},153,[266,1149,1150],{},"- Public API\u002Fschema\u002Fcontract change\n",[266,1152,1154],{"class":268,"line":1153},154,[266,1155,1156],{},"- Observability\u002Fmetrics semantics change\n",[266,1158,1160],{"class":268,"line":1159},155,[266,1161,1162],{},"- Backwards compatibility risk\n",[266,1164,1166],{"class":268,"line":1165},156,[266,1167,1168],{},"- Operational rollout risk\n",[266,1170,1172],{"class":268,"line":1171},157,[266,1173,279],{"emptyLinePlaceholder":278},[266,1175,1177],{"class":268,"line":1176},158,[266,1178,1179],{},"If none:\n",[266,1181,1183],{"class":268,"line":1182},159,[266,1184,1185],{},"- (none)\n",[266,1187,1189],{"class":268,"line":1188},160,[266,1190,279],{"emptyLinePlaceholder":278},[266,1192,1194],{"class":268,"line":1193},161,[266,1195,1196],{},"# Verdict\n",[266,1198,1200],{"class":268,"line":1199},162,[266,1201,279],{"emptyLinePlaceholder":278},[266,1203,1205],{"class":268,"line":1204},163,[266,1206,1207],{},"`correct` if there are no blocking correctness\u002Fsecurity\u002Fcontract issues.\n",[266,1209,1211],{"class":268,"line":1210},164,[266,1212,1213],{},"`needs attention` if at least one P0\u002FP1\u002FP2 finding should be fixed before merge.\n",[266,1215,1217],{"class":268,"line":1216},165,[266,1218,279],{"emptyLinePlaceholder":278},[266,1220,1222],{"class":268,"line":1221},166,[266,1223,1224],{},"Add a 1–3 sentence explanation.\n",[45,1226,1228],{"id":1227},"shorter-emergency-paste-version","Shorter “emergency paste” version",[10,1230,1231],{},"When you need speed and zero fluff:",[257,1233,1235],{"className":259,"code":1234,"language":261,"meta":262,"style":262},"Review the current diff as a senior engineer.\n\nFind only real defects introduced by this change. Do not summarize politely. Do not comment on style, unused code, extra touched files, missing tests, or pre-existing problems unless they create a concrete behavioral\u002Flogic\u002Fsecurity\u002Fcontract issue.\n\nProcess:\n1. Inspect `git status`, `git diff`, `git diff --staged`, and relevant changed files.\n2. Read nearby\u002Fimported files only when needed to validate behavior.\n3. Identify the intent of the change.\n4. Trace correctness, contracts, async\u002Ferror paths, fallbacks, schemas, config keys, metrics, and operational risks.\n5. For every candidate issue, try to disprove it. Keep only validated findings.\n6. Do not stop after the first issue.\n\nFlag only issues that are:\n- introduced by this diff\n- provably impactful\n- discrete and actionable\n- likely to be fixed by the author\n- supported by exact file\u002Fline evidence\n\nOutput:\n- Findings with `[P0-P3]`, file:line, confidence, failure scenario, and concrete fix.\n- Human reviewer callouts for migrations\u002Fdeps\u002Fauth\u002FAPI\u002Fmetrics\u002Fcompatibility\u002Fdestructive operations.\n- Final verdict: `correct` or `needs attention`.\n\nIf there are no qualifying findings, say exactly:\n`No qualifying findings. Patch appears correct under the reviewed scope.`\n",[33,1236,1237,1242,1246,1251,1255,1260,1265,1270,1275,1280,1285,1290,1294,1299,1304,1309,1314,1319,1324,1328,1333,1338,1343,1348,1352,1357],{"__ignoreMap":262},[266,1238,1239],{"class":268,"line":269},[266,1240,1241],{},"Review the current diff as a senior engineer.\n",[266,1243,1244],{"class":268,"line":275},[266,1245,279],{"emptyLinePlaceholder":278},[266,1247,1248],{"class":268,"line":282},[266,1249,1250],{},"Find only real defects introduced by this change. Do not summarize politely. Do not comment on style, unused code, extra touched files, missing tests, or pre-existing problems unless they create a concrete behavioral\u002Flogic\u002Fsecurity\u002Fcontract issue.\n",[266,1252,1253],{"class":268,"line":288},[266,1254,279],{"emptyLinePlaceholder":278},[266,1256,1257],{"class":268,"line":294},[266,1258,1259],{},"Process:\n",[266,1261,1262],{"class":268,"line":299},[266,1263,1264],{},"1. Inspect `git status`, `git diff`, `git diff --staged`, and relevant changed files.\n",[266,1266,1267],{"class":268,"line":305},[266,1268,1269],{},"2. Read nearby\u002Fimported files only when needed to validate behavior.\n",[266,1271,1272],{"class":268,"line":310},[266,1273,1274],{},"3. Identify the intent of the change.\n",[266,1276,1277],{"class":268,"line":316},[266,1278,1279],{},"4. Trace correctness, contracts, async\u002Ferror paths, fallbacks, schemas, config keys, metrics, and operational risks.\n",[266,1281,1282],{"class":268,"line":321},[266,1283,1284],{},"5. For every candidate issue, try to disprove it. Keep only validated findings.\n",[266,1286,1287],{"class":268,"line":327},[266,1288,1289],{},"6. Do not stop after the first issue.\n",[266,1291,1292],{"class":268,"line":333},[266,1293,279],{"emptyLinePlaceholder":278},[266,1295,1296],{"class":268,"line":339},[266,1297,1298],{},"Flag only issues that are:\n",[266,1300,1301],{"class":268,"line":345},[266,1302,1303],{},"- introduced by this diff\n",[266,1305,1306],{"class":268,"line":350},[266,1307,1308],{},"- provably impactful\n",[266,1310,1311],{"class":268,"line":356},[266,1312,1313],{},"- discrete and actionable\n",[266,1315,1316],{"class":268,"line":362},[266,1317,1318],{},"- likely to be fixed by the author\n",[266,1320,1321],{"class":268,"line":368},[266,1322,1323],{},"- supported by exact file\u002Fline evidence\n",[266,1325,1326],{"class":268,"line":374},[266,1327,279],{"emptyLinePlaceholder":278},[266,1329,1330],{"class":268,"line":380},[266,1331,1332],{},"Output:\n",[266,1334,1335],{"class":268,"line":386},[266,1336,1337],{},"- Findings with `[P0-P3]`, file:line, confidence, failure scenario, and concrete fix.\n",[266,1339,1340],{"class":268,"line":392},[266,1341,1342],{},"- Human reviewer callouts for migrations\u002Fdeps\u002Fauth\u002FAPI\u002Fmetrics\u002Fcompatibility\u002Fdestructive operations.\n",[266,1344,1345],{"class":268,"line":397},[266,1346,1347],{},"- Final verdict: `correct` or `needs attention`.\n",[266,1349,1350],{"class":268,"line":403},[266,1351,279],{"emptyLinePlaceholder":278},[266,1353,1354],{"class":268,"line":409},[266,1355,1356],{},"If there are no qualifying findings, say exactly:\n",[266,1358,1359],{"class":268,"line":415},[266,1360,1047],{},[45,1362,1364],{"id":1363},"how-i-would-deploy-this","How I would deploy this",[10,1366,1367,1368,1372,1373,1376],{},"Keep the long prompt as ",[16,1369,1370],{},[33,1371,251],{}," in the repo (or next to your agent config) so it versions with your standards. Keep the short block in a snippet expander or internal runbook for the “we are on fire but still need a real review” moments. The long one has structure; the short one still has ",[16,1374,1375],{},"claws","—it refuses the common failure modes (performative politeness, scope creep, first-bug-stop).",[10,1378,1379,1380,118,1383,203,1386,1389],{},"If you adopt nothing else, adopt this triad: ",[16,1381,1382],{},"line-grounded findings",[16,1384,1385],{},"explicit false-positive control",[16,1387,1388],{},"artifacts humans can grep",".",[1391,1392,1393],"style",{},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":262,"searchDepth":275,"depth":275,"links":1395},[1396,1397,1398,1399,1400,1402,1403],{"id":47,"depth":275,"text":48},{"id":90,"depth":275,"text":91},{"id":130,"depth":275,"text":131},{"id":181,"depth":275,"text":182},{"id":247,"depth":275,"text":1401},"Ready-to-use prompt (save as review.prompt.md)",{"id":1227,"depth":275,"text":1228},{"id":1363,"depth":275,"text":1364},"2026-05-03","md",null,{},"\u002Fblog\u002F2026-05-03-ai-code-review-patterns-worth-stealing",{"title":5,"description":12},"blog\u002F2026-05-03-ai-code-review-patterns-worth-stealing","A compact map of what Codex, Claude Code, Gemini CLI, and Cursor-shaped CI each optimize for, plus two copy-paste review prompts you can drop into agents or repos.","WZnzl9KwblWTFyV2xGdd27LZ9lt5pNAO3sJ-ujAM7QY",1778533464395]