How to review AI-generated code before you merge it

Abstract illustration of reviewing AI-generated code before merge, with checkmarks, magnifying glass, and security shield symbols

AI coding assistants can produce useful changes quickly, but speed creates a new review problem: the code may look polished while hiding risky assumptions. When a human writes a pull request, you can usually infer intent from commit messages, branch names, and the scope of changes. When an AI agent writes code, the change can span dozens of files with confident-looking implementations that no human actually designed line by line.

This guide gives you a repeatable, structured review pass you can apply to any AI-generated change — whether it comes from Copilot, Cursor, Claude, ChatGPT, or an autonomous agent. It is practical, opinionated, and designed for small teams who cannot afford a separate AI-safety review board.

Why reviewing AI-generated code is different

Human-written code has an author you can ask. AI-generated code has a prompt and a model. The gap between what you asked for and what the model produced is where risk hides. Three patterns show up repeatedly:

  • Over-scoping: The AI changes files outside the requested task because it „thought” they were related.
  • Confident subtlety: The code looks correct at a glance but introduces parsing assumptions, missing error handling, or implicit dependencies.
  • Surface-level tests: The AI generates tests that pass but do not exercise the risky edge cases — they test the happy path the model itself followed.

None of these are theoretical. They happen on real projects every day. The good news: a short structured pass catches most of them.

The five-check pre-merge review pass

Instead of asking „does this look fine?”, run these five checks before you merge any AI-generated change.

1. Scope check: did the AI change more than you asked?

Look at the diff. Count the files. If you asked for a one-function fix and the AI touched 15 files, that is a scope problem. AI agents tend to „improve” things they were not asked to change: reformatting imports, renaming variables in unrelated modules, or adding „helpful” logging.

  • Compare the changed files list against the task description.
  • If any file is not obviously related to the task, ask: „Why was this changed?”
  • Reject or split changes that mix the real fix with unrelated refactoring.

Quick test: If you cannot explain why each changed file was touched in one sentence, the scope is too broad.

2. Security check: did the AI introduce unsafe patterns?

AI models generate code that looks like what they have seen in training data — including insecure patterns. Run this security-specific pass:

  • Input handling: Does the change add string concatenation to SQL, shell commands, or HTML without escaping? Does it deserialize user input without validation?
  • Auth and permissions: Does it bypass authentication checks, add broad IAM permissions, or hardcode credentials or API keys?
  • Secrets: Does the diff contain any real passwords, tokens, connection strings, or private keys? Scan for patterns that look like secrets even if the model labeled them „example.”
  • Dependencies: Does it add new packages? Check them for known vulnerabilities, abandoned maintenance, or supply-chain risk.

Quick test: Run grep -ri "password\|secret\|token\|api.key\|Bearer" on the diff. If anything matches that is not clearly a test fixture, block the merge.

3. Data check: did the AI alter persistence or destructive operations?

AI agents can and do modify database schemas, add destructive migrations, or change data-processing pipelines without understanding the production impact.

  • Migrations: Does the change add or modify database migrations? Check for column drops, table renames, or NOT NULL constraints without defaults.
  • Data flow: Does it change how data is read, written, or transformed? Check for silent truncation, encoding changes, or type coercion.
  • Destructive operations: Does it add DELETE, DROP, TRUNCATE, or destructive API calls? These must be explicit, scoped, and reversible.

Quick test: Search the diff for DROP, DELETE, TRUNCATE, remove, and destroy. Each occurrence should have an obvious safety guard or justification.

4. Runtime check: did the AI add untested async, network, or deployment assumptions?

AI-generated code often assumes a perfect runtime environment: fast network, available services, correct configuration. Real environments fail in ways the model never experienced.

  • Async and concurrency: Does the change add async operations, threads, or parallel processing? Check for race conditions, missing locks, or unhandled promise rejections.
  • Network calls: Does it add HTTP requests, gRPC calls, or message queue operations? Check for timeouts, retries, circuit breakers, and error handling.
  • Environment assumptions: Does it hardcode URLs, ports, or file paths? Does it assume a specific OS, cloud provider, or deployment configuration?

Quick test: For each new function that makes a network call or runs asynchronously, ask: „What happens when this fails or times out?” If the answer is not in the code, it is a gap.

5. Rollback check: can you explain and revert the change if it fails?

This is the final gate. If you cannot explain what the change does in plain language, you cannot safely roll it back. AI-generated diffs can be surprisingly hard to reverse if they span multiple concerns.

  • Write a one-paragraph summary of what the AI changed and why.
  • Verify that the diff has a clear reverse operation (git revert should work cleanly).
  • If the change includes database migrations, verify the down-migration exists and is correct.
  • If the change modifies configuration or infrastructure, verify you can undo it without data loss.

Quick test: Try to write the rollback steps. If you cannot, the change is not ready to merge.

How to use this review pass in practice

These five checks work as a checklist you can apply in under 10 minutes per pull request. Here is how to integrate them into your workflow:

  1. Before you open the PR: Run the five checks yourself. Note any findings in the PR description.
  2. In the PR review: Use the checklist as a shared language with your team. Each check is a pass/fail gate.
  3. In CI: Automate what you can. Lint for scope (changed files count), scan for secrets (gitleaks, truffleHog), and run migration checks. Let humans handle the judgment calls.
  4. At merge: Confirm that all five checks passed. If any check failed, either fix the issue or document the exception.

For teams using AI coding agents regularly, this becomes second nature. The first few reviews take longer, but the pattern recognition builds quickly.

Common anti-patterns to watch for

  • The „it works on my machine” test suite: AI-generated tests that only pass in the specific environment the model assumed. Look for hardcoded paths, time-dependent assertions, and mocked services that do not match production.
  • The confident refactor: The AI renamed variables, reorganized imports, or changed data structures across many files. This is scope creep disguised as improvement. Reject it unless it was explicitly requested.
  • The missing error path: The happy path works, but error branches are stubs (pass, TODO, empty catch blocks). AI models are trained on code that handles success well and failure poorly.
  • The hallucinated import: The AI imported a package that does not exist, called a method with the wrong signature, or referenced a library version that has a different API. Always verify imports and API calls.

When to escalate

Not every AI-generated change needs the same depth of review. Use this escalation guide:

  • Low risk (typo fix, comment, styling): Quick scope check. Merge if clean.
  • Medium risk (new feature, refactoring, API change): Full five-check pass. Required before merge.
  • High risk (security, auth, data pipeline, payment, deployment): Full five-check pass plus a second reviewer. No exceptions.

If you are unsure about the risk level, treat it as medium. Over-reviewing is cheaper than rolling back a production incident.

Checklist summary

  • ☑ Scope: Only changed what was requested
  • ☑ Security: No unsafe parsing, auth bypasses, secrets, or risky dependencies
  • ☑ Data: No unreviewed migrations, destructive operations, or silent data changes
  • ☑ Runtime: Async, network, and environment assumptions are handled
  • ☑ Rollback: You can explain the change and revert it cleanly

Frequently asked questions

Do I need to review every AI-generated line?

No. Use the risk escalation guide. Low-risk changes need a quick scope check. Medium and high-risk changes need the full five-check pass. The point is to have a structured review, not to slow you down.

What if the AI wrote tests?

Review the tests with the same five checks. AI-generated tests are often superficial — they test what the AI implemented, not what could go wrong. Pay extra attention to the runtime check: do the tests exercise error paths, or only the happy path?

Can I automate these checks?

Partially. Scope and security checks can be automated with linters, secret scanners, and diff-size limits. Data and runtime checks require human judgment. Rollback checks are fast for humans but hard to automate well. Start with what you can automate and add human gates for the rest.

What if I am a solo developer?

The five-check pass is even more important for solo developers because you are the only line of defense. Use the checklist as a self-review before you merge. Set up CI guards for scope and secrets, and run the data, runtime, and rollback checks yourself. The Basic audit kit is designed specifically for solo developers who need a structured review without a team.

Take the next step

If you want a ready-made workflow for reviewing AI-generated changes, the AI Agent Change Risk Audit Kit gives you:

  • Basic: Structured checklist, review prompts, and a client-ready workflow — everything you need for the five-check pass. Get the Basic kit →
  • Pro: Everything in Basic plus CI gate templates, secret scanning configuration, policy-driven enforcement examples, and sample audit reports for stakeholder communication. Get the Pro kit →

Both kits are one-time purchases with no subscription. Download, customize, and start using them in your next review.

Related articles

Następny artykuł
Wczytywanie, proszę czekać...
WRÓĆ NA GÓRĘ