Risk Level: π’ Essential (but Mostly Harmless to do)
Guide Entry
CODE REVIEW (n.): The practice of having human eyes examine code before it ships. With AI-generated code, this is not optional. The AI has no judgment. You provide the judgment. Review is where judgment happens.
Why Review AI Code Differently
Traditional code review asks:
- Is this correct?
- Is this readable?
- Does this follow our patterns?
AI code review adds:
- Did the AI understand the requirement?
- Is this real? (hallucination check)
- Is this what I asked for? (scope creep check)
- Is this secure? (AI optimizes for function, not security)
The AI Code Review Checklist
Understanding Check
[ ] Does this solve the actual problem?
[ ] Does it handle the cases I need?
[ ] Does it avoid the cases I said to avoid?
Reality Check
[ ] Do all imports exist?
[ ] Do all methods exist?
[ ] Are API calls to real endpoints?
[ ] Are dependencies in package.json/requirements.txt?
Scope Check
[ ] Did it only change what I asked?
[ ] Are there surprise "improvements"?
[ ] Did it add features I didn't request?
[ ] Did it delete code I need?
Security Check
[ ] No hardcoded secrets?
[ ] No SQL injection vulnerabilities?
[ ] No XSS vulnerabilities?
[ ] Input validation present?
[ ] Authentication checked where needed?
Quality Check
[ ] Is this readable?
[ ] Will I understand this in a month?
[ ] Does it match our patterns?
[ ] Is it appropriately commented?
Review Depth by Risk Level
π’ Mostly Harmless
Quick scan:
- Does it work?
- Obviously broken?
- Ship it.
π‘ Caution Advised
Standard review:
- Run the checklist above
- Test the main path
- Verify key logic
π Danger
Deep review:
- Line-by-line reading
- Run all checks
- Write tests first
- Get a second reviewer
π΄ Dragons
Formal review:
- Multiple independent reviewers
- Security audit
- Performance audit
- Compliance verification
Common Issues in AI Code
Over-Engineering
AI loves to add:
- Unnecessary abstractions
- Configurable everything
- Handling for cases that can't happen
Fix: Delete what you don't need.
Under-Engineering
AI misses:
- Edge cases you mentioned
- Security concerns
- Performance implications
Fix: Add what's missing.
Style Drift
AI ignores:
- Your naming conventions
- Your file organization
- Your preferred patterns
Fix: Refactor to match your style.
Confidence Without Verification
AI never says:
- "I'm not sure about this"
- "You should test this carefully"
- "This might have issues"
Fix: Assume everything needs verification.
Self-Review Technique
When reviewing your own AI-generated code:
1. Step Away
Don't review immediately. Let the vibes settle.
2. Explain It
Can you explain every line? If not, you don't understand it.
3. Test First
Write a test before reviewing the implementation.
4. Delete Test
Can you delete this code and still have a working system? If yes, maybe you should.
5. Future You
Will future you thank or curse present you for this code?
The Street Rule
"The AI writes code. You accept responsibility. Review is where responsibility is exercised."
Move to Make
For your next AI-generated code:
- Wait 10 minutes before integrating
- Run through the full checklist
- Note what you caught
- Adjust your prompts to prevent those issues next time